Описание
A flaw was found in libdwarf. An attacker may use a specially-crafted file to trigger a use-after-free condition, which can potentially lead to an application crash or other unexpected behavior.
Отчет
The use-after-free vulnerability in libdwarf, specifically within the dw_empty_errlist_item function in dwarf_alloc.c, is classified as a moderate severity issue due to its potential impact on application stability and integrity. While use-after-free vulnerabilities can lead to unpredictable behavior, crashes, or potential code execution, exploiting this flaw requires crafting a specially-crafted file and triggering the vulnerability through specific conditions. Additionally, the vulnerability is limited to the context of applications utilizing libdwarf for DWARF debugging information processing. While the risk is significant for affected applications, the complexity and specific conditions required for exploitation mitigate the severity to moderate.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | libdwarf | Out of support scope | ||
| Red Hat Enterprise Linux 8 | libdwarf | Will not fix |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-2002. Reason: This candidate is a duplicate of CVE-2024-2002. Notes: All CVE users should reference CVE-2024-2002 instead of this candidate.
Libdwarf v0.9.1 was discovered to contain a heap use-after-free via the dw_empty_errlist_item function at /libdwarf/dwarf_alloc.c.
5.5 Medium
CVSS3