Buffer Overflow - Out-of-bounds memory access in the main gdb module via opening an ELF for debugging, with an impact of DoS, memory disclosure, and possible code execution.
Created gdb tracking bugs for this issue:
Affects: fedora-all [bug 1740633]
The following upstream commit was added to the upstream bugzilla entry for this issue:
However, it's important to note that this commit doesn't properly fix the flaw but only adds a warning instead.
Currently GDB doesn't properly validate the ELF section sizes from the input file. The section size value is used during the debug symbol reading phase, when gdb extracts the symbols and their names from the file's string table. The invalid section size generates odd offsets during the table reading in function read_indirect_string_at_offset_from(); the odd offset will lead to an out-of-bounds read and may result in data leaks and DoS.
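The missing check described above, as an added illustration that is not gdb's code: a string-table read that validates the offset (and the string's terminator) against the section size taken from the ELF header before dereferencing. The names str_section, read_string_at_offset_checked and sample_strtab are hypothetical, and the sample section contents are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical string-table view: the section bytes plus the size taken
 * from the ELF section header. Not gdb's own types. */
struct str_section {
    const uint8_t *data;
    size_t size;
};

/* Return the NUL-terminated string at 'offset' inside the section, or NULL
 * when the offset or the string itself would run past the section's end.
 * This check against the declared section size is what turns a hostile
 * offset from an out-of-bounds read into a rejected input. */
const char *read_string_at_offset_checked(const struct str_section *sec,
                                          uint64_t offset)
{
    if (sec == NULL || sec->data == NULL)
        return NULL;
    /* Compare in 64 bits so a huge offset cannot wrap when narrowed. */
    if (offset >= sec->size)
        return NULL;
    /* The terminator must lie inside the section, or strlen/printf on the
     * result would itself read past the buffer. */
    const uint8_t *start = sec->data + offset;
    if (memchr(start, '\0', sec->size - (size_t)offset) == NULL)
        return NULL;
    return (const char *)start;
}

/* Constructed sample .debug_str-style contents: "", "main", then "foo.c"
 * whose final NUL is deliberately missing (an unterminated last entry). */
static const uint8_t sample_strtab[] =
    { '\0', 'm', 'a', 'i', 'n', '\0', 'f', 'o', 'o', '.', 'c' };
const struct str_section sample_section = { sample_strtab, sizeof sample_strtab };

int main(void)
{
    const uint64_t probes[] = { 1, 6, 11, UINT64_MAX };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        const char *s = read_string_at_offset_checked(&sample_section, probes[i]);
        printf("offset %llu -> %s\n", (unsigned long long)probes[i],
               s ? s : "(rejected: out of bounds or unterminated)");
    }
    return 0;
}
```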
OK, so Jan and I chatted on IRC about his comment. I was considering using gdb to attach to some running process (which uses ptrace()). Jan was talking about just running gdb to load some untrusted binary. He was worried about this untrusted binary crashing gdb, and then somehow causing some of the other code in that untrusted binary to get run.
However, as comment #3 says: "On the other hand I can't see how this can lead to arbitrary code execution". Comment #4 says "It doesn't seem possible to cause code execution though".
If there is no possible code execution, Jan and I agree that this is a minor/harmless DoS and should be classified as "low".