
Cloud Vulnerability DB
A community-led vulnerabilities database
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow vulnerability in the function pe_as16() located in /gdb/coff-pe-read.c. The vulnerability was disclosed on July 25, 2023, and affects multiple versions of GDB across various Linux distributions (NVD, Ubuntu).
The vulnerability is classified as a heap buffer overflow that occurs in the pe_as16() function when processing PE (Portable Executable) files. It has been assigned a CVSS v3.1 base score of 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The issue specifically manifests when GDB attempts to read PE exported symbols during binary analysis (NVD).
When exploited, this vulnerability can cause a denial of service condition through application crash, or potentially lead to arbitrary code execution. The impact is primarily focused on availability, with no direct effect on confidentiality or integrity of the system (Ubuntu).
The vulnerability has been fixed in various Ubuntu releases: Ubuntu 22.04 LTS (12.1-0ubuntu1~22.04.2), Ubuntu 20.04 LTS (9.2-0ubuntu1~20.04.2), and Ubuntu 18.04 LTS (8.1.1-0ubuntu1+esm1). The fix was committed to the GDB source repository with commit 2db20b97f1dc3e5dce3d6ed74a8a62f0dede8c80 (Ubuntu, Sourceware).
Source: This report was generated using AI