|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2024-36699: gdb: buffer overflow via the gdb.selected_inferior().read_memory component at utils.c | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | SMASH SMASH <smash_bz> |
| Component: | Incidents | Assignee: | Tom de Vries <tdevries> |
| Status: | RESOLVED INVALID | QA Contact: | Security Team bot <security-team> |
| Severity: | Major | ||
| Priority: | P3 - Medium | CC: | camila.matos, matz, mjambor |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/410359/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2024-36699:3.3:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
SMASH SMASH
2024-06-12 17:28:11 UTC
The patch link [0] provided by NVD seems to be broken, as the resource being referenced by it does not exist. The correct link is probably the one from [1]. The upstream bug for this issue [2] references the correct patch, which is the one from commit 06e967db [3]. [0] https://sourceware.orga/pipermail/gdb-patches/2024-April/2080 [1] https://sourceware.org/pipermail/gdb-patches/2024-April/208019.html [2] https://sourceware.org/bugzilla/show_bug.cgi?id=31631 [3] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=06e967dbc9b75a4a3c1b15b54360cf1abbf9c2bd Here ( https://bugzilla.redhat.com/show_bug.cgi?id=2292169#c2 ) we find: ... Red Hat Product Security does not consider this to be a vulnerability. ... Likewise here ( https://bugzilla.redhat.com/show_bug.cgi?id=2292166#c2 ). The CVE was rejected. |