Search for vulnerabilities
Vulnerability details: VCID-b2hd-n5zu-aaak
Vulnerability ID VCID-b2hd-n5zu-aaak
Aliases CVE-2017-9778
Summary GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-20 Improper Input Validation
CWE-770 Allocation of Resources Without Limits or Throttling
CWE-400 Uncontrolled Resource Consumption
System Score Found at
cvssv3 3.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9778.json
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00057 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2017-9778
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1466255
cvssv3.1 3.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2017-9778
cvssv3 5.5 https://nvd.nist.gov/vuln/detail/CVE-2017-9778
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9778.json
https://api.first.org/data/v1/epss?cve=CVE-2017-9778
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9778
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://sourceware.org/bugzilla/show_bug.cgi?id=21600
http://www.securityfocus.com/bid/99244
1466255 https://bugzilla.redhat.com/show_bug.cgi?id=1466255
865607 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865607
cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*
CVE-2017-9778 https://nvd.nist.gov/vuln/detail/CVE-2017-9778
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9778.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2017-9778
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-9778
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.24668
EPSS Score 0.00057
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.