oss-sec mailing list archives

Re: CVE request -- NULL dereference in libdwarf

From: cve-assign () mitre org
Date: Thu, 7 Jan 2016 18:55:25 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

we report  a NULL dereference in libdwarf  which is found by Qixue Xiao.

https://bugzilla.redhat.com/show_bug.cgi?id=1294264

https://bugzilla.redhat.com/show_bug.cgi?id=1294264#c2

The problem is that the debug_abbrev section is marked as NOBITS in
the ELF file - in other words as a zero-init section rather than a
section with contents in the file.

That is clearly bogus, but obviously shouldn't crash

http://www.prevanders.net/dwarf.html

Work In Progress 2015-12-30

Thanks to Tom Hughes for bringing a problem reading a
badly-damaged (fuzzed) elf object to my attention: now libdwarf
gets an error not a coredump.

https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697


Use CVE-2015-8750.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWjvojAAoJEL54rhJi8gl5BwoP/2yl38aXiRB772a3+OhHyfsa
1DiUFglVG5/1QnLAcG3jOzTnXxHje7f3pTKbCv2csbBtiQmAMDT70OKSCxA2E96q
rbpKnysRbfT8AYZ76mSQCKE1tPwE+ZBG730DrHyhsUWm+cTLh+gYUX6tV7BFPbU2
mQOhI00YpFZ8U/20W1ri8cAHvQ4CJCi2Ta2EViZ4Y7v58fbapeI3MUnR0DifKlUj
ob1tpmfIL3N1OAFFo9vYNGM6xgxfuZoVbNOUoAYeXagsAsHfivpDwhSeeZNCeUsf
58qfI9OhYZWj6xHopPDQ8K1QD+e9g9VpnUepgB319OssgI6pcjG49i4tNVva4JO3
jTNQ+UpvbeoLYOOr80FtYjr51CfwgX3XkcZvz/wsSulLDPhTeqKZz4Q69JKCC2Ib
R2Oby2Hs9476yj28jF9Sg9Ekf2y2vVpqfv5JhQy08Nhx43xUurhgCsBUhixoHgwQ
5E7NT+iMQtRiJN2Ucu/2mK9A9z6RYmEAmaHQx/aRWUfLFNeoynWE/1xJ/3tUvPJT
FsVP8bI6OAq0VDzqNhMJIDTOLlQjfLo6gUTEmuiuW0jjWh5NUV96EJBaZSfQsoFx
//oSh9MOJfiQlfPhb7ws+l/Ae13QwUeOVZ77jkWKxgPlxC2ZzMtQJrsx0MVI+7wM
s9ovDcDoapmCIhtkv/JQ
=oEHA
-----END PGP SIGNATURE-----

Current thread:

CVE request -- NULL dereference in libdwarf xiaoqixue_1 (Jan 06)
- Re: CVE request -- NULL dereference in libdwarf cve-assign (Jan 07)