Vulnerabilites related to libdwarf_project - libdwarf
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:58
Severity ?
Summary
The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1377015 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://sourceforge.net/p/libdwarf/bugs/4/ | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1377015 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/libdwarf/bugs/4/ | Issue Tracking, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input."
},
{
"lang": "es",
"value": "La funci\u00f3n read_line_table_program en dwarf_line_table_reader_common.c en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de una entrada manipulada."
}
],
"id": "CVE-2016-7510",
"lastModified": "2024-11-21T02:58:07.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:01.200",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377015"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/bugs/4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/bugs/4/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-24 04:15
Modified
2024-11-21 04:26
Severity ?
Summary
dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/109380 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba/tree/libdwarf/dwarf_elf_load_headers.c?diff=99e77c3894877a1dd80b82808d8309eded4e5599 | Patch, Third Party Advisory | |
| cve@mitre.org | https://sourceforge.net/p/libdwarf/code/merge-requests/4/ | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109380 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba/tree/libdwarf/dwarf_elf_load_headers.c?diff=99e77c3894877a1dd80b82808d8309eded4e5599 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/libdwarf/code/merge-requests/4/ | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD53CC27-7324-45FC-86A6-3191507A6602",
"versionEndExcluding": "2019-07-05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump."
},
{
"lang": "es",
"value": "En el archivo dwarf_elf_load_headers.c en libdwarf antes del 05-07-2019 permite a los atacantes causar una denegaci\u00f3n de servicio (divisi\u00f3n por cero) por medio de un archivo ELF con un grupo de secci\u00f3n de tama\u00f1o cero (SHT_GROUP), como es demostrado por dwarfdump."
}
],
"id": "CVE-2019-14249",
"lastModified": "2024-11-21T04:26:17.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-24T04:15:12.080",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/109380"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba/tree/libdwarf/dwarf_elf_load_headers.c?diff=99e77c3894877a1dd80b82808d8309eded4e5599"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/code/merge-requests/4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/109380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba/tree/libdwarf/dwarf_elf_load_headers.c?diff=99e77c3894877a1dd80b82808d8309eded4e5599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/code/merge-requests/4/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-31 19:59
Modified
2024-11-21 02:47
Severity ?
Summary
The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/01/19/9 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/01/25/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/01/19/9 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/01/25/3 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | 2015-11-14 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:2015-11-14:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8FD0DC-1010-440B-94A4-DA768505F2E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file."
},
{
"lang": "es",
"value": "La funci\u00f3n get_abbrev_array_info en libdwarf-20151114 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (escritura fuera de l\u00edmites) a trav\u00e9s de un archivo elf manipulado."
}
],
"id": "CVE-2016-2050",
"lastModified": "2024-11-21T02:47:41.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-31T19:59:00.137",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/19/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/19/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-02 03:15
Modified
2024-11-21 07:17
Severity ?
Summary
libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | 0.4.1 | |
| fedoraproject | fedora | 37 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7E818D-510D-47B1-8DB9-299F4344D6D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c."
},
{
"lang": "es",
"value": "libdwarf versi\u00f3n 0.4.1, presenta una doble liberaci\u00f3n en la funci\u00f3n _dwarf_exec_frame_instr en el archivo dwarf_frame.c"
}
],
"id": "CVE-2022-39170",
"lastModified": "2024-11-21T07:17:42.607",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-02T03:15:07.527",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/davea42/libdwarf-code/commit/60303eb80ecc7747bf29776d545e2a5c5a76f6f8"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/davea42/libdwarf-code/issues/132"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IKUE4XT62AEZ3H5D6GMREYOSCMMRFXBH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/davea42/libdwarf-code/commit/60303eb80ecc7747bf29776d545e2a5c5a76f6f8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/davea42/libdwarf-code/issues/132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IKUE4XT62AEZ3H5D6GMREYOSCMMRFXBH/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:53
Severity ?
Summary
The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data."
},
{
"lang": "es",
"value": "La funci\u00f3n dump_block en print_sections.c en libdwarf en versiones anteriores a 20160923 permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de datos de trama manipulados."
}
],
"id": "CVE-2016-5036",
"lastModified": "2024-11-21T02:53:30.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:00.497",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-02 14:16
Modified
2024-11-21 07:05
Severity ?
Summary
libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/davea42/libdwarf-code/issues/116 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/davea42/libdwarf-code/issues/116 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | 0.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "448D8623-0083-42B9-A9D1-60A5BF2F6DE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c."
},
{
"lang": "es",
"value": "libdwarf versi\u00f3n 0.4.0, presenta una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n _dwarf_check_string_valid en el archivo dwarf_util.c"
}
],
"id": "CVE-2022-32200",
"lastModified": "2024-11-21T07:05:54.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-02T14:16:01.167",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/davea42/libdwarf-code/issues/116"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/davea42/libdwarf-code/issues/116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:53
Severity ?
Summary
The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections."
},
{
"lang": "es",
"value": "La funci\u00f3n print_frame_inst_bytes en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia de puntero NULL) a trav\u00e9s de un archivo de objeto con secciones similares bss vac\u00edas."
}
],
"id": "CVE-2016-5028",
"lastModified": "2024-11-21T02:53:29.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:00.200",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:53
Severity ?
Summary
dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records."
},
{
"lang": "es",
"value": "dwarf_elf_access.c en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (escritura fuera de l\u00edmites) a trav\u00e9s de un archivo manipulado, relacionado con los registros de reubicaci\u00f3n."
}
],
"id": "CVE-2016-5034",
"lastModified": "2024-11-21T02:53:30.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:00.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:53
Severity ?
Summary
The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section."
},
{
"lang": "es",
"value": "La funci\u00f3n WRITE_UNALIGNED en dwarf_elf_access.c en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (escritura fuera de l\u00edmites y ca\u00edda) a trav\u00e9s de una secci\u00f3n DWARF manipulada."
}
],
"id": "CVE-2016-5044",
"lastModified": "2024-11-21T02:53:31.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:00.733",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:53
Severity ?
Summary
The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1332145 | Issue Tracking | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1332145 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section."
},
{
"lang": "es",
"value": "La funci\u00f3n dwarf_get_aranges_list en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito y ca\u00edda) a trav\u00e9s de una secci\u00f3n DWARF manipulada."
}
],
"id": "CVE-2016-5042",
"lastModified": "2024-11-21T02:53:31.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:00.653",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332145"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-18 06:29
Modified
2024-11-21 03:35
Severity ?
Summary
An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | 2017-03-21 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:2017-03-21:*:*:*:*:*:*:*",
"matchCriteriaId": "705E27F0-3D25-400A-995C-66CD08BC7D8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read."
},
{
"lang": "es",
"value": "Se ha descubierto un fallo, tambi\u00e9n conocido como DW201703-001, en libdwarf el 2017-03-21. En dwarf_formsdata() para algunos tipos de datos no se comprobaba que estuvieran dentro de los l\u00edmites, lo que provoc\u00f3 una sobrelectura de b\u00fafer basada en memoria din\u00e1mica o heap."
}
],
"id": "CVE-2017-9055",
"lastModified": "2024-11-21T03:35:14.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-18T06:29:00.637",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:53
Severity ?
Summary
The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file."
},
{
"lang": "es",
"value": "La funci\u00f3n dwarf_get_xu_hash_entry en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2016-5032",
"lastModified": "2024-11-21T02:53:29.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:00.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-18 06:29
Modified
2024-11-21 03:35
Severity ?
Summary
An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list().
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98553 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98553 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | 2017-03-21 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:2017-03-21:*:*:*:*:*:*:*",
"matchCriteriaId": "705E27F0-3D25-400A-995C-66CD08BC7D8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list()."
},
{
"lang": "es",
"value": "Un problema, que tambi\u00e9n se conoce como DW201703-006, se detect\u00f3 en libdwarf el 21-03-2017. Una lectura excesiva de b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n dwarf_formsdata() debido a un fallo al comprobar que un puntero este dentro de l\u00edmites (en algunos lugares de esta funci\u00f3n) y a un fallo en una comprobaci\u00f3n en la funci\u00f3n dwarf_attr_list()."
}
],
"id": "CVE-2017-9052",
"lastModified": "2024-11-21T03:35:13.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-18T06:29:00.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98553"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-23 21:59
Modified
2024-11-21 02:57
Severity ?
Summary
The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/09/13/5 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/09/15/3 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/92971 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/09/13/5 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/09/15/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92971 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | 2016-06-13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:2016-06-13:*:*:*:*:*:*:*",
"matchCriteriaId": "46FEB08E-F710-466E-BD43-561F31949708",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file."
},
{
"lang": "es",
"value": "La funci\u00f3n _dwarf_read_loc_section en dwarf_loc.c en libdwarf 20160613 permite atacantes provocar una denegaci\u00f3n de servicio (sobre lectura de b\u00fafer) a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2016-7410",
"lastModified": "2024-11-21T02:57:56.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-23T21:59:02.550",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/13/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/13/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92971"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:58
Severity ?
Summary
Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://sourceforge.net/p/libdwarf/bugs/3/ | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html#DW201609-002 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/libdwarf/bugs/3/ | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html#DW201609-002 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | 2016-06-13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:2016-06-13:*:*:*:*:*:*:*",
"matchCriteriaId": "46FEB08E-F710-466E-BD43-561F31949708",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file."
},
{
"lang": "es",
"value": "Desbordamiento de enteros en el dwarf_die_deliv.c en libdwarf 20160613 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2016-7511",
"lastModified": "2024-11-21T02:58:07.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:01.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/bugs/3/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html#DW201609-002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/bugs/3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html#DW201609-002"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:53
Severity ?
Summary
The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted string offset for .debug_str.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted string offset for .debug_str."
},
{
"lang": "es",
"value": "La funci\u00f3n dwarf_get_macro_startend_file en dwarf_macro5.c en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de un desplazamiento de cadena manipulado para .debug_str."
}
],
"id": "CVE-2016-5038",
"lastModified": "2024-11-21T02:53:30.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:00.560",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:53
Severity ?
Summary
libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header."
},
{
"lang": "es",
"value": "Libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites y ca\u00edda) a trav\u00e9s de un valor de longitud grande en un encabezado de unidad de compilaci\u00f3n."
}
],
"id": "CVE-2016-5040",
"lastModified": "2024-11-21T02:53:30.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:00.623",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-28 18:59
Modified
2024-11-21 03:01
Severity ?
Summary
(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "720D5B9E-31E8-43BD-86CF-C8D947DECED4",
"versionEndExcluding": "2016-11-24",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a \"negation overflow.\""
},
{
"lang": "es",
"value": "(1) libdwarf/dwarf_leb.c y (2) dwarfdump/print_frames.c en libdwarf en versiones anteriores a 20161124 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de un bit manipulado en un n\u00famero de leb firmado, tambi\u00e9n conocido como \"desbordamiento de negaci\u00f3n\""
}
],
"id": "CVE-2016-9558",
"lastModified": "2024-11-21T03:01:22.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-28T18:59:00.313",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/19/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/23/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94491"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/19/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/23/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-18 06:29
Modified
2024-11-21 03:35
Severity ?
Summary
An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | 2017-03-21 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:2017-03-21:*:*:*:*:*:*:*",
"matchCriteriaId": "705E27F0-3D25-400A-995C-66CD08BC7D8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read."
},
{
"lang": "es",
"value": "Un problema, que tambi\u00e9n se conoce como DW201703-002, se detect\u00f3 en libdwarf el 21-03-2017. En la funci\u00f3n _dwarf_decode_s_leb128_chk() un puntero byte fue desreferenciado justo antes de comprobar que estuviera dentro de l\u00edmites, lo que conlleva a una lectura excesiva de b\u00fafer en la regi\u00f3n heap de la memoria."
}
],
"id": "CVE-2017-9054",
"lastModified": "2024-11-21T03:35:13.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-18T06:29:00.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:53
Severity ?
Summary
The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file."
},
{
"lang": "es",
"value": "La funci\u00f3n create_fullest_file_path en libdwarf en versiones anteriores a 20160923 permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (referencia de puntero NULL) a trav\u00e9s de un archivo dwarf manipulado."
}
],
"id": "CVE-2016-5029",
"lastModified": "2024-11-21T02:53:29.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:00.247",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:53
Severity ?
Summary
The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."
},
{
"lang": "es",
"value": "La funci\u00f3n _dwarf_read_line_table_header en dwarf_line_table_reader.c en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2016-5035",
"lastModified": "2024-11-21T02:53:30.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:00.450",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-18 06:29
Modified
2024-11-21 03:35
Severity ?
Summary
An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | 2017-03-21 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:2017-03-21:*:*:*:*:*:*:*",
"matchCriteriaId": "705E27F0-3D25-400A-995C-66CD08BC7D8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function)."
},
{
"lang": "es",
"value": "Un problema, que tambi\u00e9n se conoce como DW201703-005, se detect\u00f3 en libdwarf el 21-03-2017. Una lectura excesiva de b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n _dwarf_read_loc_expr_op() debido a un fallo al comprobar que un puntero este dentro de l\u00edmites (en algunos lugares de esta funci\u00f3n)."
}
],
"id": "CVE-2017-9053",
"lastModified": "2024-11-21T03:35:13.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-18T06:29:00.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-07 20:29
Modified
2024-11-21 02:38
Severity ?
Summary
dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/12/10/3 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1291299 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/12/10/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1291299 | Issue Tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A285A020-CCA9-4E7E-ABC7-78F2A362F210",
"versionEndIncluding": "2015-11-14",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV)."
},
{
"lang": "es",
"value": "dwarf_leb.c en libdwarf presenta una vulnerabilidad que permite a atacantes remotos causar una denegaci\u00f3n de servicio (SIGSEGV)."
}
],
"id": "CVE-2015-8538",
"lastModified": "2024-11-21T02:38:41.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-07T20:29:00.413",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/10/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/10/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291299"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-28 11:29
Modified
2024-11-21 03:37
Severity ?
Summary
The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/99310 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1465756 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99310 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1465756 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "491EF44F-D946-4569-BB66-45BE9C18E280",
"versionEndIncluding": "2017-06-28",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file."
},
{
"lang": "es",
"value": "La funci\u00f3n _dwarf_decode_s_leb128_chk del archivo dward_leb.c en libdward hasta el 28-06-2017 permite a un atacante remoto causar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) mediante la manipulaci\u00f3n del archivo."
}
],
"id": "CVE-2017-9998",
"lastModified": "2024-11-21T03:37:19.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-28T11:29:00.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99310"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465756"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-24 20:59
Modified
2024-11-21 02:53
Severity ?
Summary
dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1330237 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1330237 | Issue Tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | 2016-01-15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:2016-01-15:*:*:*:*:*:*:*",
"matchCriteriaId": "44471294-3FC4-4550-A327-B6BA9B32DAA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file."
},
{
"lang": "es",
"value": "dwarf_form.c en libdwarf 20160115 permite a atacantes provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un archivo elf manipulado."
}
],
"id": "CVE-2016-5027",
"lastModified": "2024-11-21T02:53:28.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-24T20:59:00.643",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330237"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-15 21:59
Modified
2024-11-21 02:59
Severity ?
Summary
The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "720D5B9E-31E8-43BD-86CF-C8D947DECED4",
"versionEndExcluding": "2016-11-24",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file."
},
{
"lang": "es",
"value": "La funci\u00f3n _dwarf_get_size_of_val en libdwarf/dwarf_util.c en Libdwarf en versiones anteriores a 20161124 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) llamando al comando dwarfdump en un archivo manipulado."
}
],
"id": "CVE-2016-8679",
"lastModified": "2024-11-21T02:59:49.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-15T21:59:00.510",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93601"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_size_of_val-dwarf_util-c/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_size_of_val-dwarf_util-c/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385689"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:53
Severity ?
Summary
The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."
},
{
"lang": "es",
"value": "La funci\u00f3n print_frame_inst_bytes en libdwarf en versiones anteriores a 20160923 permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2016-5031",
"lastModified": "2024-11-21T02:53:29.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:00.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-23 18:59
Modified
2024-11-21 03:00
Severity ?
Summary
Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "720D5B9E-31E8-43BD-86CF-C8D947DECED4",
"versionEndExcluding": "2016-11-24",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read)."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n _dwarf_skim_forms en libdwarf/dwarf_macro5.c en Libdwarf en versiones anteriores a 20161124 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites)."
}
],
"id": "CVE-2016-9275",
"lastModified": "2024-11-21T03:00:53.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-23T18:59:00.490",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/11/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94284"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-_dwarf_skim_forms-dwarf_macro5-c"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1394802"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/11/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-_dwarf_skim_forms-dwarf_macro5-c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1394802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-08 19:59
Modified
2024-11-21 02:47
Severity ?
Summary
The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | 2015-11-14 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:2015-11-14:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8FD0DC-1010-440B-94A4-DA768505F2E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file."
},
{
"lang": "es",
"value": "La funci\u00f3n dwarf_read_cie_fde_prefix en dwarf_frame2.c en libdwarf 20151114 permite a atacantes causar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de un archivo de objeto ELF manipulado."
}
],
"id": "CVE-2016-2091",
"lastModified": "2024-11-21T02:47:47.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-08T19:59:07.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/19/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/28/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/19/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/28/8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:53
Severity ?
Summary
The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section."
},
{
"lang": "es",
"value": "La funci\u00f3n dwarf_dealloc en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites y ca\u00edda) a trav\u00e9s de una secci\u00f3n DWARF manipulada."
}
],
"id": "CVE-2016-5043",
"lastModified": "2024-11-21T02:53:31.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:00.700",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:53
Severity ?
Summary
The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file."
},
{
"lang": "es",
"value": "La funci\u00f3n _dwarf_load_section en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia de puntero NULL) mediante un archivo manipulado."
}
],
"id": "CVE-2016-5037",
"lastModified": "2024-11-21T02:53:30.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:00.530",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-23 17:15
Modified
2024-11-21 07:09
Severity ?
Summary
There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/davea42/libdwarf-code/commit/7ef09e1fc9ba07653dd078edb2408631c7969162 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/davea42/libdwarf-code/issues/119 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/davea42/libdwarf-code/commit/7ef09e1fc9ba07653dd078edb2408631c7969162 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/davea42/libdwarf-code/issues/119 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | 0.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "448D8623-0083-42B9-A9D1-60A5BF2F6DE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b."
},
{
"lang": "es",
"value": "Se presenta una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria en libdwarf versi\u00f3n 0.4.0. Este problema est\u00e1 relacionado con dwarf_global_formref_b"
}
],
"id": "CVE-2022-34299",
"lastModified": "2024-11-21T07:09:15.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-23T17:15:18.410",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/davea42/libdwarf-code/commit/7ef09e1fc9ba07653dd078edb2408631c7969162"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/davea42/libdwarf-code/issues/119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/davea42/libdwarf-code/commit/7ef09e1fc9ba07653dd078edb2408631c7969162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/davea42/libdwarf-code/issues/119"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:53
Severity ?
Summary
The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."
},
{
"lang": "es",
"value": "La funci\u00f3n print_exprloc_content en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2016-5033",
"lastModified": "2024-11-21T02:53:29.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:00.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:53
Severity ?
Summary
The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted object with all-bits on.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted object with all-bits on."
},
{
"lang": "es",
"value": "La funci\u00f3n get_attr_value en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) a trav\u00e9s de un objeto manipulado con todos los bits activados."
}
],
"id": "CVE-2016-5039",
"lastModified": "2024-11-21T02:53:30.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:00.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-16 00:15
Modified
2025-02-06 17:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6630BE8D-91E7-4051-821E-E226DDAF768A",
"versionEndExcluding": "2020-10-17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object."
}
],
"id": "CVE-2020-27545",
"lastModified": "2025-02-06T17:15:11.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-16T00:15:07.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025694"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/davea42/libdwarf-code/commit/95f634808c01f1c61bbec56ed2395af997f397ea"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://sourceforge.net/projects/libdwarf/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html#DW202010-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/davea42/libdwarf-code/commit/95f634808c01f1c61bbec56ed2395af997f397ea"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://sourceforge.net/projects/libdwarf/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html#DW202010-001"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-763"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-763"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-17 17:59
Modified
2024-11-21 02:53
Severity ?
Summary
The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file."
},
{
"lang": "es",
"value": "La funci\u00f3n _dwarf_calculate_info_section_end_ptr en libdwarf en versiones anteriores a 20160923 permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (referencia de puntero NULL) a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2016-5030",
"lastModified": "2024-11-21T02:53:29.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-17T17:59:00.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-16 19:29
Modified
2024-11-21 02:20
Severity ?
Summary
Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2014/12/31/3 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/01/03/14 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/71839 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1178725 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2014/12/31/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/01/03/14 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/71839 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1178725 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "857205DA-146F-4899-9388-29F5252F3A59",
"versionEndIncluding": "2014-08-05",
"versionStartIncluding": "2013-01-26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file."
},
{
"lang": "es",
"value": "Vulnerabilidad de uso de memoria previamente liberada en dwarfdump en libdwarf 20130126 hasta la versi\u00f3n 20140805 podr\u00eda permitir que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado del programa) mediante un archivo ELF manipulado."
}
],
"id": "CVE-2014-9482",
"lastModified": "2024-11-21T02:20:59.723",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-16T19:29:00.433",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/31/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/71839"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/31/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/71839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178725"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-29 23:59
Modified
2024-11-21 03:01
Severity ?
Summary
libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/94980 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://sourceforge.net/p/libdwarf/bugs/5/ | Permissions Required | |
| cve@mitre.org | https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/ | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94980 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/libdwarf/bugs/5/ | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/ | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | 2016-10-21 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:2016-10-21:*:*:*:*:*:*:*",
"matchCriteriaId": "D62123F5-62BB-4DAC-847D-FD407AF2ED8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the \"malformed dwarf file\" approach, related to a \"Heap Buffer Over-read\" issue affecting the dwarf_util.c component, aka DW201611-006."
},
{
"lang": "es",
"value": "libdwarf 2016-10-21 permite a atacantes dependientes del contexto obtener informaci\u00f3n sensible o provocar una denegaci\u00f3n de servicio usando el enfoque \"archivo peque\u00f1o mal formado\", relacionado con un problema \"Heap Buffer Over-read\" que afecta al componente dwarf_util.c, vulnerabilidad tambi\u00e9n conocida como DW201611-006."
}
],
"id": "CVE-2016-9480",
"lastModified": "2024-11-21T03:01:17.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-29T23:59:00.173",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94980"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "https://sourceforge.net/p/libdwarf/bugs/5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://sourceforge.net/p/libdwarf/bugs/5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-10 16:59
Modified
2024-11-21 02:53
Severity ?
Summary
dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/24/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/25/1 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522B980D-FDDC-46D0-8D20-A56FB9F5E5BE",
"versionEndExcluding": "2016-09-23",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name."
},
{
"lang": "es",
"value": "dwarf_macro5.c en libdwarf en versiones anteriores a 20160923 permite que los atacantes remotos provoquen una denegaci\u00f3n de servicio (referencia a puntero NULL) por medio de una entrada de informaci\u00f3n de depuraci\u00f3n usando DWARF5 y sin un DW_AT_name."
}
],
"id": "CVE-2016-5041",
"lastModified": "2024-11-21T02:53:31.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-10T16:59:00.133",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-15 21:59
Modified
2024-11-21 02:59
Severity ?
Summary
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD2F29E1-1F82-4737-B5EE-8DA8A1F6A9B7",
"versionEndIncluding": "2016-10-01",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file."
},
{
"lang": "es",
"value": "La funci\u00f3n _dwarf_get_abbrev_for_code en dwarf_util.c en libdwarf 20161001 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) llamando al comando dwarfdump en un archivo manipulado."
}
],
"id": "CVE-2016-8680",
"lastModified": "2024-11-21T02:59:49.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-15T21:59:00.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93595"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2016/10/04/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385686"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2016/10/04/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-13 18:59
Modified
2024-11-21 02:39
Severity ?
Summary
libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/01/07/11 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1294264 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697 | Broken Link, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/01/07/11 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1294264 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697 | Broken Link, Issue Tracking, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A285A020-CCA9-4E7E-ABC7-78F2A362F210",
"versionEndIncluding": "2015-11-14",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file."
},
{
"lang": "es",
"value": "Libdwarf 20151114 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda) a trav\u00e9s de una secci\u00f3n debug_abbrev marcada NOBITS en un archivo ELF."
}
],
"id": "CVE-2015-8750",
"lastModified": "2024-11-21T02:39:06.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-13T18:59:00.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/11"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1294264"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1294264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-16 00:15
Modified
2025-02-06 17:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/ | Product | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=2026000 | Issue Tracking, Permissions Required, Third Party Advisory | |
| cve@mitre.org | https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3 | Patch | |
| cve@mitre.org | https://www.prevanders.net/dwarfbug.html#DW202010-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2026000 | Issue Tracking, Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.prevanders.net/dwarfbug.html#DW202010-003 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "943A7698-9618-4025-80CB-D1D2C70345BA",
"versionEndExcluding": "2020-12-01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname."
}
],
"id": "CVE-2020-28163",
"lastModified": "2025-02-06T17:15:11.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-16T00:15:07.313",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026000"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html#DW202010-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.prevanders.net/dwarfbug.html#DW202010-003"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-23 18:59
Modified
2024-11-21 03:00
Severity ?
Summary
The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "720D5B9E-31E8-43BD-86CF-C8D947DECED4",
"versionEndExcluding": "2016-11-24",
"versionStartIncluding": "1999-12-14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read)."
},
{
"lang": "es",
"value": "La funci\u00f3n dwarf_get_aranges_list en dwarf_arrange.c en Libdwarf en versiones anteriores a 20161124 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites)."
}
],
"id": "CVE-2016-9276",
"lastModified": "2024-11-21T03:00:53.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-23T18:59:00.537",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/11/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94284"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1394804"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/11/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1394804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-15 21:59
Modified
2024-11-21 02:59
Severity ?
Summary
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libdwarf_project | libdwarf | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A40BF278-0E17-47F6-93BB-6D2F35D1CEE3",
"versionEndIncluding": "2016-10-01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file."
},
{
"lang": "es",
"value": "La funci\u00f3n _dwarf_get_abbrev_for_code en dwarf_util.c en libdwarf 20161001 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) llamando al comando dwarfdump en un archivo manipulado."
}
],
"id": "CVE-2016-8681",
"lastModified": "2024-11-21T02:59:49.997",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-15T21:59:00.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93592"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385690"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2017-9053
Vulnerability from cvelistv5
Published
2017-05-18 06:13
Modified
2024-08-05 16:55
Severity ?
EPSS score ?
Summary
An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:21.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-18T05:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "MISC",
"url": "https://www.prevanders.net/dwarfbug.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9053",
"datePublished": "2017-05-18T06:13:00",
"dateReserved": "2017-05-18T00:00:00",
"dateUpdated": "2024-08-05T16:55:21.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5035
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5035",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7511
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html#DW201609-002 | x_refsource_CONFIRM | |
| https://sourceforge.net/p/libdwarf/bugs/3/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html#DW201609-002"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/libdwarf/bugs/3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html#DW201609-002"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/libdwarf/bugs/3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html#DW201609-002",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html#DW201609-002"
},
{
"name": "https://sourceforge.net/p/libdwarf/bugs/3/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/libdwarf/bugs/3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7511",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-28163
Vulnerability from cvelistv5
Published
2023-04-15 00:00
Modified
2025-02-06 16:20
Severity ?
EPSS score ?
Summary
libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:57.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html#DW202010-003"
},
{
"tags": [
"x_transferred"
],
"url": "http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026000"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-28163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T16:19:10.610311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T16:20:12.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-15T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3"
},
{
"url": "https://www.prevanders.net/dwarfbug.html#DW202010-003"
},
{
"url": "http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026000"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28163",
"datePublished": "2023-04-15T00:00:00.000Z",
"dateReserved": "2020-11-02T00:00:00.000Z",
"dateUpdated": "2025-02-06T16:20:12.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9998
Vulnerability from cvelistv5
Published
2017-06-28 11:14
Modified
2024-08-05 17:25
Severity ?
EPSS score ?
Summary
The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1465756 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/99310 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:25:00.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465756"
},
{
"name": "99310",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99310"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-29T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465756"
},
{
"name": "99310",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99310"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1465756",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465756"
},
{
"name": "99310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99310"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9998",
"datePublished": "2017-06-28T11:14:00",
"dateReserved": "2017-06-28T00:00:00",
"dateUpdated": "2024-08-05T17:25:00.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8679
Vulnerability from cvelistv5
Published
2017-02-15 21:00
Modified
2024-08-06 02:27
Severity ?
EPSS score ?
Summary
The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1385689 | x_refsource_CONFIRM | |
| https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_size_of_val-dwarf_util-c/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/93601 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/10/16/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_size_of_val-dwarf_util-c/"
},
{
"name": "93601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93601"
},
{
"name": "[oss-security] 20161015 Re: libdwarf: heap-based buffer overflow in _dwarf_get_size_of_val (dwarf_util.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_size_of_val-dwarf_util-c/"
},
{
"name": "93601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93601"
},
{
"name": "[oss-security] 20161015 Re: libdwarf: heap-based buffer overflow in _dwarf_get_size_of_val (dwarf_util.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1385689",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385689"
},
{
"name": "https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_size_of_val-dwarf_util-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_size_of_val-dwarf_util-c/"
},
{
"name": "93601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93601"
},
{
"name": "[oss-security] 20161015 Re: libdwarf: heap-based buffer overflow in _dwarf_get_size_of_val (dwarf_util.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8679",
"datePublished": "2017-02-15T21:00:00",
"dateReserved": "2016-10-15T00:00:00",
"dateUpdated": "2024-08-06T02:27:41.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5043
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5043",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8680
Vulnerability from cvelistv5
Published
2017-02-15 21:00
Modified
2024-08-06 02:27
Severity ?
EPSS score ?
Summary
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1385686 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/10/16/4 | mailing-list, x_refsource_MLIST | |
| https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93595 | vdb-entry, x_refsource_BID | |
| https://blogs.gentoo.org/ago/2016/10/04/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385686"
},
{
"name": "[oss-security] 20161015 Re: libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2"
},
{
"name": "93595",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93595"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2016/10/04/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385686"
},
{
"name": "[oss-security] 20161015 Re: libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2"
},
{
"name": "93595",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93595"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2016/10/04/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1385686",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385686"
},
{
"name": "[oss-security] 20161015 Re: libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/4"
},
{
"name": "https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2"
},
{
"name": "93595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93595"
},
{
"name": "https://blogs.gentoo.org/ago/2016/10/04/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/10/04/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8680",
"datePublished": "2017-02-15T21:00:00",
"dateReserved": "2016-10-15T00:00:00",
"dateUpdated": "2024-08-06T02:27:41.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8538
Vulnerability from cvelistv5
Published
2017-06-07 20:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1291299 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/12/10/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:42.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291299"
},
{
"name": "[oss-security] 20151210 Re: CVE request - a out of bound read bug is found in libdwarf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/10/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-07T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291299"
},
{
"name": "[oss-security] 20151210 Re: CVE request - a out of bound read bug is found in libdwarf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/10/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1291299",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291299"
},
{
"name": "[oss-security] 20151210 Re: CVE request - a out of bound read bug is found in libdwarf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/10/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8538",
"datePublished": "2017-06-07T20:00:00",
"dateReserved": "2015-12-10T00:00:00",
"dateUpdated": "2024-08-06T08:20:42.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9055
Vulnerability from cvelistv5
Published
2017-05-18 06:13
Modified
2024-08-05 16:55
Severity ?
EPSS score ?
Summary
An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:21.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-18T05:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "MISC",
"url": "https://www.prevanders.net/dwarfbug.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9055",
"datePublished": "2017-05-18T06:13:00",
"dateReserved": "2017-05-18T00:00:00",
"dateUpdated": "2024-08-05T16:55:21.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-27545
Vulnerability from cvelistv5
Published
2023-04-15 00:00
Modified
2025-02-06 16:23
Severity ?
EPSS score ?
Summary
libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:44.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sourceforge.net/projects/libdwarf/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/davea42/libdwarf-code/commit/95f634808c01f1c61bbec56ed2395af997f397ea"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html#DW202010-001"
},
{
"tags": [
"x_transferred"
],
"url": "http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025694"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-27545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T16:21:36.125743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763 Release of Invalid Pointer or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T16:23:01.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-15T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://sourceforge.net/projects/libdwarf/"
},
{
"url": "https://github.com/davea42/libdwarf-code/commit/95f634808c01f1c61bbec56ed2395af997f397ea"
},
{
"url": "https://www.prevanders.net/dwarfbug.html#DW202010-001"
},
{
"url": "http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025694"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27545",
"datePublished": "2023-04-15T00:00:00.000Z",
"dateReserved": "2020-10-21T00:00:00.000Z",
"dateUpdated": "2025-02-06T16:23:01.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5037
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5037",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9558
Vulnerability from cvelistv5
Published
2017-02-28 18:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow."
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/11/19/6 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/94491 | vdb-entry, x_refsource_BID | |
| https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c/ | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2016/11/23/3 | mailing-list, x_refsource_MLIST | |
| https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20161119 libdwarf: negation overflow in dwarf_leb.c",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/19/6"
},
{
"name": "94491",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94491"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c/"
},
{
"name": "[oss-security] 20161122 Re: libdwarf: negation overflow in dwarf_leb.c",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/23/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a \"negation overflow.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-28T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20161119 libdwarf: negation overflow in dwarf_leb.c",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/19/6"
},
{
"name": "94491",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94491"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c/"
},
{
"name": "[oss-security] 20161122 Re: libdwarf: negation overflow in dwarf_leb.c",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/23/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a \"negation overflow.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20161119 libdwarf: negation overflow in dwarf_leb.c",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/19/6"
},
{
"name": "94491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94491"
},
{
"name": "https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c/"
},
{
"name": "[oss-security] 20161122 Re: libdwarf: negation overflow in dwarf_leb.c",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/23/3"
},
{
"name": "https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9558",
"datePublished": "2017-02-28T18:00:00",
"dateReserved": "2016-11-22T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5028
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5028",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5029
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5029",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9275
Vulnerability from cvelistv5
Published
2017-03-23 18:00
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/11/11/7 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1394802 | x_refsource_CONFIRM | |
| https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-_dwarf_skim_forms-dwarf_macro5-c | x_refsource_MISC | |
| https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/94284 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:11.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161111 Re: libdwarf: heap-based buffer overflow in _dwarf_skim_forms (dwarf_macro5.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/11/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1394802"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-_dwarf_skim_forms-dwarf_macro5-c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/"
},
{
"name": "94284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-23T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20161111 Re: libdwarf: heap-based buffer overflow in _dwarf_skim_forms (dwarf_macro5.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/11/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1394802"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-_dwarf_skim_forms-dwarf_macro5-c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/"
},
{
"name": "94284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161111 Re: libdwarf: heap-based buffer overflow in _dwarf_skim_forms (dwarf_macro5.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/11/7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1394802",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1394802"
},
{
"name": "https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-_dwarf_skim_forms-dwarf_macro5-c",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-_dwarf_skim_forms-dwarf_macro5-c"
},
{
"name": "https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/"
},
{
"name": "94284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9275",
"datePublished": "2017-03-23T18:00:00",
"dateReserved": "2016-11-11T00:00:00",
"dateUpdated": "2024-08-06T02:42:11.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9482
Vulnerability from cvelistv5
Published
2018-01-16 19:00
Modified
2024-08-06 13:47
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/01/03/14 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2014/12/31/3 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1178725 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/71839 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150103 Re: CVE Request, Use after free vulnerability in Dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/14"
},
{
"name": "[oss-security] 20141231 CVE Request, Use after free vulnerability in Dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/31/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178725"
},
{
"name": "71839",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71839"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-16T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20150103 Re: CVE Request, Use after free vulnerability in Dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/14"
},
{
"name": "[oss-security] 20141231 CVE Request, Use after free vulnerability in Dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/31/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178725"
},
{
"name": "71839",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71839"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150103 Re: CVE Request, Use after free vulnerability in Dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/14"
},
{
"name": "[oss-security] 20141231 CVE Request, Use after free vulnerability in Dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/31/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1178725",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178725"
},
{
"name": "71839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71839"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9482",
"datePublished": "2018-01-16T19:00:00",
"dateReserved": "2015-01-03T00:00:00",
"dateUpdated": "2024-08-06T13:47:41.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5033
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5033",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32200
Vulnerability from cvelistv5
Published
2022-06-01 05:12
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_MISC | |
| https://github.com/davea42/libdwarf-code/issues/116 | x_refsource_MISC | |
| https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:56.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/davea42/libdwarf-code/issues/116"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T05:12:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/davea42/libdwarf-code/issues/116"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "MISC",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "https://github.com/davea42/libdwarf-code/issues/116",
"refsource": "MISC",
"url": "https://github.com/davea42/libdwarf-code/issues/116"
},
{
"name": "https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069",
"refsource": "MISC",
"url": "https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32200",
"datePublished": "2022-06-01T05:12:58",
"dateReserved": "2022-06-01T00:00:00",
"dateUpdated": "2024-08-03T07:32:56.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9054
Vulnerability from cvelistv5
Published
2017-05-18 06:13
Modified
2024-08-05 16:55
Severity ?
EPSS score ?
Summary
An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:21.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-18T05:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "MISC",
"url": "https://www.prevanders.net/dwarfbug.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9054",
"datePublished": "2017-05-18T06:13:00",
"dateReserved": "2017-05-18T00:00:00",
"dateUpdated": "2024-08-05T16:55:21.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5032
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5032",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5042
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1332145 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332145"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332145",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332145"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5042",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9276
Vulnerability from cvelistv5
Published
2017-03-23 18:00
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/11/11/9 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1394804 | x_refsource_CONFIRM | |
| https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/94284 | vdb-entry, x_refsource_BID | |
| https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:11.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161111 Re: libdwarf: heap-based buffer overflow in dwarf_get_aranges_list (dwarf_arange.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/11/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1394804"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/"
},
{
"name": "94284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94284"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-23T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20161111 Re: libdwarf: heap-based buffer overflow in dwarf_get_aranges_list (dwarf_arange.c)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/11/11/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1394804"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/"
},
{
"name": "94284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94284"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161111 Re: libdwarf: heap-based buffer overflow in dwarf_get_aranges_list (dwarf_arange.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/11/9"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1394804",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1394804"
},
{
"name": "https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/"
},
{
"name": "94284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94284"
},
{
"name": "https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9276",
"datePublished": "2017-03-23T18:00:00",
"dateReserved": "2016-11-11T00:00:00",
"dateUpdated": "2024-08-06T02:42:11.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5041
Vulnerability from cvelistv5
Published
2017-04-10 16:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5041",
"datePublished": "2017-04-10T16:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8750
Vulnerability from cvelistv5
Published
2017-02-13 18:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1294264 | x_refsource_CONFIRM | |
| https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/01/07/11 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:21.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1294264"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697"
},
{
"name": "[oss-security] 20160107 Re: CVE request -- NULL dereference in libdwarf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-13T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1294264"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697"
},
{
"name": "[oss-security] 20160107 Re: CVE request -- NULL dereference in libdwarf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1294264",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1294264"
},
{
"name": "https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697",
"refsource": "CONFIRM",
"url": "https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697"
},
{
"name": "[oss-security] 20160107 Re: CVE request -- NULL dereference in libdwarf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/07/11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8750",
"datePublished": "2017-02-13T18:00:00",
"dateReserved": "2016-01-07T00:00:00",
"dateUpdated": "2024-08-06T08:29:21.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5036
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5036",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7410
Vulnerability from cvelistv5
Published
2017-01-23 21:00
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/09/13/5 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/09/15/3 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/92971 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160914 CVE request -libdwarf 06/13/2016 heap-buffer-overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/13/5"
},
{
"name": "[oss-security] 20160915 Re: CVE request -libdwarf 06/13/2016 heap-buffer-overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/3"
},
{
"name": "92971",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92971"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-24T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160914 CVE request -libdwarf 06/13/2016 heap-buffer-overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/13/5"
},
{
"name": "[oss-security] 20160915 Re: CVE request -libdwarf 06/13/2016 heap-buffer-overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/3"
},
{
"name": "92971",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92971"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160914 CVE request -libdwarf 06/13/2016 heap-buffer-overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/13/5"
},
{
"name": "[oss-security] 20160915 Re: CVE request -libdwarf 06/13/2016 heap-buffer-overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/3"
},
{
"name": "92971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92971"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7410",
"datePublished": "2017-01-23T21:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5039
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted object with all-bits on.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted object with all-bits on."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted object with all-bits on."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5039",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5027
Vulnerability from cvelistv5
Published
2017-02-24 20:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1330237 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330237"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-24T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330237"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1330237",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330237"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5027",
"datePublished": "2017-02-24T20:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2091
Vulnerability from cvelistv5
Published
2016-02-08 19:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/01/19/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/01/28/8 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160119 Re:Re: Buffer Overflow in lha compression utility",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/19/3"
},
{
"name": "[oss-security] 20160128 Re: an out of bound read is found in libdwarf -20151114",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/28/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-08T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160119 Re:Re: Buffer Overflow in lha compression utility",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/19/3"
},
{
"name": "[oss-security] 20160128 Re: an out of bound read is found in libdwarf -20151114",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/28/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160119 Re:Re: Buffer Overflow in lha compression utility",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/19/3"
},
{
"name": "[oss-security] 20160128 Re: an out of bound read is found in libdwarf -20151114",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/28/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2091",
"datePublished": "2016-02-08T19:00:00",
"dateReserved": "2016-01-28T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5044
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5044",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5034
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5034",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9052
Vulnerability from cvelistv5
Published
2017-05-18 06:13
Modified
2024-08-05 16:55
Severity ?
EPSS score ?
Summary
An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list().
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98553 | vdb-entry, x_refsource_BID | |
| https://www.prevanders.net/dwarfbug.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:21.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98553",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98553"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list()."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-24T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "98553",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98553"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.prevanders.net/dwarfbug.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98553"
},
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "MISC",
"url": "https://www.prevanders.net/dwarfbug.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9052",
"datePublished": "2017-05-18T06:13:00",
"dateReserved": "2017-05-18T00:00:00",
"dateUpdated": "2024-08-05T16:55:21.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7510
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1377015 | x_refsource_MISC | |
| https://sourceforge.net/p/libdwarf/bugs/4/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377015"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/libdwarf/bugs/4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377015"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/libdwarf/bugs/4/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1377015",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377015"
},
{
"name": "https://sourceforge.net/p/libdwarf/bugs/4/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/libdwarf/bugs/4/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7510",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5038
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted string offset for .debug_str.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted string offset for .debug_str."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted string offset for .debug_str."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5038",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5040
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5040",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2050
Vulnerability from cvelistv5
Published
2017-01-31 19:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/01/19/9 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/01/25/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:49.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160119 Fwd: out of bound write in libdwarf -20151114",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/19/9"
},
{
"name": "[oss-security] 20160125 Re: Fwd: out of bound write in libdwarf -20151114",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-31T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160119 Fwd: out of bound write in libdwarf -20151114",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/19/9"
},
{
"name": "[oss-security] 20160125 Re: Fwd: out of bound write in libdwarf -20151114",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160119 Fwd: out of bound write in libdwarf -20151114",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/19/9"
},
{
"name": "[oss-security] 20160125 Re: Fwd: out of bound write in libdwarf -20151114",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/25/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2050",
"datePublished": "2017-01-31T19:00:00",
"dateReserved": "2016-01-24T00:00:00",
"dateUpdated": "2024-08-05T23:17:49.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5030
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5030",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8681
Vulnerability from cvelistv5
Published
2017-02-15 21:00
Modified
2024-08-06 02:27
Severity ?
EPSS score ?
Summary
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/10/16/5 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/93592 | vdb-entry, x_refsource_BID | |
| https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2/ | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1385690 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161015 Re: libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) (ANOTHER ONE)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/5"
},
{
"name": "93592",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93592"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385690"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20161015 Re: libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) (ANOTHER ONE)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/5"
},
{
"name": "93592",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93592"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385690"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161015 Re: libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) (ANOTHER ONE)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/5"
},
{
"name": "93592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93592"
},
{
"name": "https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1385690",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385690"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-8681",
"datePublished": "2017-02-15T21:00:00",
"dateReserved": "2016-10-15T00:00:00",
"dateUpdated": "2024-08-06T02:27:41.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9480
Vulnerability from cvelistv5
Published
2016-11-29 23:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/ | x_refsource_CONFIRM | |
| https://sourceforge.net/p/libdwarf/bugs/5/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/94980 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/libdwarf/bugs/5/"
},
{
"name": "94980",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the \"malformed dwarf file\" approach, related to a \"Heap Buffer Over-read\" issue affecting the dwarf_util.c component, aka DW201611-006."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-26T01:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/libdwarf/bugs/5/"
},
{
"name": "94980",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94980"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the \"malformed dwarf file\" approach, related to a \"Heap Buffer Over-read\" issue affecting the dwarf_util.c component, aka DW201611-006."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/"
},
{
"name": "https://sourceforge.net/p/libdwarf/bugs/5/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/libdwarf/bugs/5/"
},
{
"name": "94980",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94980"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9480",
"datePublished": "2016-11-29T23:00:00",
"dateReserved": "2016-11-21T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5031
Vulnerability from cvelistv5
Published
2017-02-17 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.prevanders.net/dwarfbug.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/25/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "CONFIRM",
"url": "https://www.prevanders.net/dwarfbug.html"
},
{
"name": "[oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/1"
},
{
"name": "[oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf \u0026 dwarfdump",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5031",
"datePublished": "2017-02-17T17:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-34299
Vulnerability from cvelistv5
Published
2022-06-22 14:35
Modified
2024-08-03 09:07
Severity ?
EPSS score ?
Summary
There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/davea42/libdwarf-code/issues/119 | x_refsource_MISC | |
| https://github.com/davea42/libdwarf-code/commit/7ef09e1fc9ba07653dd078edb2408631c7969162 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/davea42/libdwarf-code/issues/119"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/davea42/libdwarf-code/commit/7ef09e1fc9ba07653dd078edb2408631c7969162"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-22T14:35:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/davea42/libdwarf-code/issues/119"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/davea42/libdwarf-code/commit/7ef09e1fc9ba07653dd078edb2408631c7969162"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/davea42/libdwarf-code/issues/119",
"refsource": "MISC",
"url": "https://github.com/davea42/libdwarf-code/issues/119"
},
{
"name": "https://github.com/davea42/libdwarf-code/commit/7ef09e1fc9ba07653dd078edb2408631c7969162",
"refsource": "MISC",
"url": "https://github.com/davea42/libdwarf-code/commit/7ef09e1fc9ba07653dd078edb2408631c7969162"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34299",
"datePublished": "2022-06-22T14:35:21",
"dateReserved": "2022-06-22T00:00:00",
"dateUpdated": "2024-08-03T09:07:16.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-39170
Vulnerability from cvelistv5
Published
2022-09-02 02:28
Modified
2024-08-03 12:00
Severity ?
EPSS score ?
Summary
libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/davea42/libdwarf-code/issues/132 | x_refsource_MISC | |
| https://github.com/davea42/libdwarf-code/commit/60303eb80ecc7747bf29776d545e2a5c5a76f6f8 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IKUE4XT62AEZ3H5D6GMREYOSCMMRFXBH/ | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:42.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/davea42/libdwarf-code/issues/132"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/davea42/libdwarf-code/commit/60303eb80ecc7747bf29776d545e2a5c5a76f6f8"
},
{
"name": "FEDORA-2022-273a86adf0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IKUE4XT62AEZ3H5D6GMREYOSCMMRFXBH/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-18T01:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/davea42/libdwarf-code/issues/132"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/davea42/libdwarf-code/commit/60303eb80ecc7747bf29776d545e2a5c5a76f6f8"
},
{
"name": "FEDORA-2022-273a86adf0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IKUE4XT62AEZ3H5D6GMREYOSCMMRFXBH/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-39170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/davea42/libdwarf-code/issues/132",
"refsource": "MISC",
"url": "https://github.com/davea42/libdwarf-code/issues/132"
},
{
"name": "https://github.com/davea42/libdwarf-code/commit/60303eb80ecc7747bf29776d545e2a5c5a76f6f8",
"refsource": "MISC",
"url": "https://github.com/davea42/libdwarf-code/commit/60303eb80ecc7747bf29776d545e2a5c5a76f6f8"
},
{
"name": "FEDORA-2022-273a86adf0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IKUE4XT62AEZ3H5D6GMREYOSCMMRFXBH/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-39170",
"datePublished": "2022-09-02T02:28:53",
"dateReserved": "2022-09-02T00:00:00",
"dateUpdated": "2024-08-03T12:00:42.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-14249
Vulnerability from cvelistv5
Published
2019-07-24 03:30
Modified
2024-08-05 00:12
Severity ?
EPSS score ?
Summary
dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sourceforge.net/p/libdwarf/code/merge-requests/4/ | x_refsource_MISC | |
| https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba/tree/libdwarf/dwarf_elf_load_headers.c?diff=99e77c3894877a1dd80b82808d8309eded4e5599 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/109380 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/libdwarf/code/merge-requests/4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba/tree/libdwarf/dwarf_elf_load_headers.c?diff=99e77c3894877a1dd80b82808d8309eded4e5599"
},
{
"name": "109380",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109380"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-26T09:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/libdwarf/code/merge-requests/4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba/tree/libdwarf/dwarf_elf_load_headers.c?diff=99e77c3894877a1dd80b82808d8309eded4e5599"
},
{
"name": "109380",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109380"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/libdwarf/code/merge-requests/4/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/libdwarf/code/merge-requests/4/"
},
{
"name": "https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba/tree/libdwarf/dwarf_elf_load_headers.c?diff=99e77c3894877a1dd80b82808d8309eded4e5599",
"refsource": "MISC",
"url": "https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba/tree/libdwarf/dwarf_elf_load_headers.c?diff=99e77c3894877a1dd80b82808d8309eded4e5599"
},
{
"name": "109380",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109380"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14249",
"datePublished": "2019-07-24T03:30:18",
"dateReserved": "2019-07-23T00:00:00",
"dateUpdated": "2024-08-05T00:12:43.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}