Description
libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.
A double-free vulnerability was found in libdwarf's dwarf_expand_frame_instructions() function in the dwarf_frame.c file. A carefully crafted object file could cause the 'dwarfdump' utility to perform a double free while handling an error condition. This issue could cause a segmentation violation or other major error, terminating the calling application and resulting in a denial of service.
Report
The vulnerable code was introduced upstream in libdwarf-0.3.0. Red Hat ships lower versions of libdwarf, which do not contain the vulnerable code. Hence, the versions of libdwarf shipped with Red Hat Enterprise Linux 7 and 8 are not affected by this CVE.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | libdwarf | Not affected | | |
| Red Hat Enterprise Linux 8 | libdwarf | Not affected | | |
Additional information
Status:
6.5 Medium
CVSS3