Buffer Overflow - Out-of-bounds memory access in the main gdb module via opening an ELF for debugging, with an impact of DoS, Memory Disclosure, and Possible Code Execution.
Created gdb tracking bugs for this issue: Affects: fedora-all [bug 1740633]
The following upstream commit was added to the upstream bugzilla entry for this issue: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8ff71a9c80cfcf64c54d4ae938c644b1b1ea19fb However, it is important to note that this commit does not properly fix the flaw; it only adds a warning instead.
Currently GDB does not properly validate the ELF section sizes from the input file. The section size value is used during the debug-symbol reading phase, when gdb extracts the symbols and their names from the file's string table. The invalid section size generates odd offsets during table reading in the function read_indirect_string_at_offset_from(); the odd offset leads to an out-of-bounds read and may result in data leaks and DoS.
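The reading pattern described in the comment above, as an added illustration that is not gdb's own code: a DW_FORM_strp-style offset is resolved against a string section, once without any bounds check (the shape of the flaw) and once with the offset checked against the section size and the string required to terminate inside the section. The section-header check `section_fits_in_file()` is an assumption about what validating the ELF section size before use would look like, not a description of the upstream fix; `read_indirect_string_unchecked()` and `read_indirect_string_checked()` are hypothetical names, and the `.debug_str` bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a .debug_str section (not a real gdb buffer):
   three NUL-terminated names followed by a string that runs off the end
   of the section without a terminator. The C literal adds a final NUL at
   index 26, but that byte lies outside the section's declared size. */
static const char debug_str[] = "main\0helper\0argv\0truncated";
#define DEBUG_STR_SIZE ((size_t)(sizeof debug_str - 1))   /* 26 bytes */

/* Hypothetical sanity check for an ELF section header, applied before any
   of the section's bytes are read: the section must fit inside the file
   and offset + size must not wrap. Returns 1 if plausible, 0 otherwise. */
int section_fits_in_file(uint64_t sh_offset, uint64_t sh_size, uint64_t file_size)
{
    if (sh_size > file_size)
        return 0;
    return sh_offset <= file_size - sh_size;   /* subtraction cannot underflow here */
}

/* Hypothetical unchecked reader modelled on the flaw described above:
   the string offset is trusted and the section size is ignored. With a
   bogus offset the returned pointer lies past the section, and the
   strlen()/copy that follows walks into whatever memory comes next. */
const char *read_indirect_string_unchecked(const char *sec, size_t size, size_t off)
{
    (void)size;
    return sec + off;
}

/* Hardened reader: the offset must lie inside the section and the string
   must be NUL-terminated before the section ends. Returns NULL on either
   failure so the caller can report a malformed file instead of crashing
   or leaking the bytes that follow the section. */
const char *read_indirect_string_checked(const char *sec, size_t size, size_t off)
{
    if (off >= size)
        return NULL;
    if (memchr(sec + off, '\0', size - off) == NULL)
        return NULL;            /* string would run past the end of the section */
    return sec + off;
}

int main(void)
{
    size_t offs[] = { 0, 5, 12, 17, 1000 };
    for (size_t i = 0; i < sizeof offs / sizeof offs[0]; i++) {
        const char *s = read_indirect_string_checked(debug_str, DEBUG_STR_SIZE, offs[i]);
        printf("offset %4zu -> %s\n", offs[i],
               s ? s : "(rejected: malformed string offset)");
    }
    printf("section 0x1000+0x200 in 0x2000-byte file: %s\n",
           section_fits_in_file(0x1000, 0x200, 0x2000) ? "ok" : "rejected");
    printf("section 0x1000+UINT64_MAX in 0x2000-byte file: %s\n",
           section_fits_in_file(0x1000, UINT64_MAX, 0x2000) ? "ok" : "rejected");
    return 0;
}
```

Offsets 0, 5 and 12 resolve to "main", "helper" and "argv"; offset 17 is rejected because the string has no terminator inside the 26-byte section, and offset 1000 is rejected outright. The overflow-safe form `sh_offset <= file_size - sh_size` matters because a crafted header can set `sh_size` close to `UINT64_MAX`, which would make the naive `sh_offset + sh_size <= file_size` wrap and pass.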
OK, so Jan and I chatted on IRC about his comment. I was considering using gdb to attach to some running process (which uses ptrace()). Jan was talking about just running gdb to load some untrusted binary. He was worried about this untrusted binary crashing gdb, and then somehow causing some of the other code in that untrusted binary to be run. However, as comment #3 says: "On the other hand I can't see how this can lead to arbitrary code execution". Comment #4 says "It doesn't seem possible to cause code execution though". If there is no possible code execution, Jan and I agree that this is a minor/harmless DoS and should be classified as "low".
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1635 https://access.redhat.com/errata/RHSA-2020:1635
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-1010180