Refine your search
1 vulnerability found for libdwarf by libdwarf_project
CVE-2024-2002 (GCVE-0-2024-2002)
Vulnerability from cvelistv5
Published
2024-03-18 12:26
Modified
2025-11-20 18:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-415 - Double Free
Summary
A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Version: 0.1.0 |
||||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-2002"
},
{
"name": "RHBZ#2267700",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267700"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/davea42/libdwarf-code/blob/main/bugxml/data.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGPVLSPIXR32J6FOAFTTIMYTUUXJICGW/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T15:05:19.693453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T15:05:38.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/davea42/libdwarf-code/",
"defaultStatus": "unaffected",
"packageName": "libdwarf",
"versions": [
{
"status": "affected",
"version": "0.1.0"
},
{
"status": "unaffected",
"version": "0.9.2"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "libdwarf",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "libdwarf",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"datePublic": "2024-02-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T18:21:28.745Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-2002"
},
{
"name": "RHBZ#2267700",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267700"
},
{
"url": "https://github.com/davea42/libdwarf-code/blob/main/bugxml/data.txt"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-04T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-02-17T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Libdwarf: crashes randomly on fuzzed object",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-415: Double Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-2002",
"datePublished": "2024-03-18T12:26:31.386Z",
"dateReserved": "2024-02-29T08:38:25.706Z",
"dateUpdated": "2025-11-20T18:21:28.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}