CVE-2017-9778
CVE-2017-9778 is a medium-severity vulnerability in Gnu Gdb with a CVSS 3.x base score of 5.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-20.
Key facts
- Severity: Medium (CVSS 3.x base score 5.5)
- CVSS v2: 4.3
- EPSS exploit prediction: 1% (62nd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-20
- Affected product: Gnu Gdb
- Published:
- Last modified:
Description
GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.
Frequently asked questions
- What is CVE-2017-9778?
- GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.
- How severe is CVE-2017-9778?
- CVE-2017-9778 has a CVSS 3.x base score of 5.5, rated medium severity. It is exploitable over local access with low attack complexity, requires no privileges and user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2017-9778 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (62nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2017-9778?
- CVE-2017-9778 affects Gnu Gdb. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2017-9778?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2017-9778 published?
- CVE-2017-9778 was published on 2017-06-21 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*
More vulnerabilities in Gnu Gdb
- CVE-2019-1010180 — High (CVSS 7.8): GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service,…
- CVE-2005-1705 — High (CVSS 7.2): gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users…
- CVE-2011-4355 — Medium (CVSS 6.9): GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the…
- CVE-2023-39130 — Medium (CVSS 5.5): GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at…
- CVE-2023-39129 — Medium (CVSS 5.5): GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function…
- CVE-2023-39128 — Medium (CVSS 5.5): GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at…
Other CWE-20 (Improper Input Validation) vulnerabilities
- CVE-2026-48316 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48281 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48277 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48055 — Critical (CVSS 10.0): Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and…
- CVE-2026-34910 — Critical (CVSS 10.0): A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS…
- CVE-2026-33587 — Critical (CVSS 10.0): Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and…
Browse all CWE-20 (Improper Input Validation) vulnerabilities →