Описание
There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b.
A buffer-overflow vulnerability was found in libdwarf's dwarf_global_formref_b() function in dwarf_form.c. A carefully crafted .debug_info causes libdwarf to read outside a buffer containing a Dwarf_Sig8 symbolic reference. This issue can cause a segmentation violation or other major error, terminating the calling application and resulting in a denial of service.
Отчет
The bug has been present since DWARF4 when DW_FORM_ref_sig8 was added to libdwarf. But, in our code-base, we cannot handle this functionality yet. There is no presence of vulnerable code in our code-base. Hence, versions of libdwarf shipped with Red Hat Enterprise Linux 7 & 8 are not affected by this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | libdwarf | Not affected | ||
| Red Hat Enterprise Linux 8 | libdwarf | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.1 High
CVSS3
Связанные уязвимости
There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b.
There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b.
There is a heap-based buffer over-read in libdwarf 0.4.0. This issue i ...
There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b.
EPSS
7.1 High
CVSS3