CVE-2006-4146

Name: CVE-2006-4146
Description: Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release                 Version          Status
gdb (PTS)        wheezy                  7.4.1+dfsg-0.1   vulnerable
gdb              jessie                  7.7.1+dfsg-5     vulnerable
gdb              buster, sid, stretch    7.12-6           vulnerable

The information below is based on the following data on fixed versions.

Package   Type     Release      Fixed Version   Urgency       Origin   Debian Bugs
gdb       source   (unstable)   (unfixed)       unimportant

Notes

Every sensible use of gdb involves executing the debugged binary
