oss-sec mailing list archives
Re: libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) (ANOTHER ONE)
From: cve-assign () mitre org
Date: Sat, 15 Oct 2016 22:50:34 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2/
AddressSanitizer: heap-buffer-overflow ... READ of size 1 libdwarf/dwarf_util.c:590:9 in _dwarf_get_abbrev_for_code
Commit fix: https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13 and then https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2 (because of a mistake)
Use CVE-2016-8681. (This has the same fix as CVE-2016-8679 but seems distinct.) - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYAuddAAoJEHb/MwWLVhi2l7EP/1T9zeweglEA9u8ZOy49fD+0 7dTVP84wg1PDV20ox6rFpO8cULGEkBdpeCKbmhloMDV8A1B1S0a/FkKzSuzJ8ib2 s770i5d1tLYHMoavotL94ta7rnoh65ePtbCSIyH4FWD74IUu+pVxvNrsEfXG2jiJ I5DdWRIJAOEpws0XNVSsoOogyQiJ5FEwRsUFeZwN5q5sdjtGXDqit0YMmDjrBJYu 6xMUh3LouC1S2kJ3R5LOMcPg/hzMcConeiRM3DYyn/30KiFxWwiTnrFBOkfwEBLs F+UIfrYbGi21bywCmVb0pdRZzcdOuQQDaHDfBxjmJg9jFk/Jf8WXvJM0ArMFBWzN 05FqkcCBYAdXMmPoPykVEtOKNMvnxQKll3L5WnizKY500oafNiFoR5+CmqQCr958 gBMCQQnZqP0BSLZb4GDFwdXKl0dWYbvnyw7VJ7xV4an05hJ2U1xDPDDiltZ4irxQ MNjxnG57ByTv8zV5s5HuxHdm59Ud29vQU3fDVvDOkBIajxlLQ/Da/PzRk0uREpTu vwcSkyfda0FZsLhV/xjVghHVexbIBGxQ8+7De/myAM6PHcf970dyTMDKtToVDzB2 3/I9DmTr6wSnAPjPXCQL+93HC5dytjjqg4JTCAthKGvS82iPlNZ7+b57mosxgXow 9GmBfxF8pSb6AJ0AxCnD =RxUq -----END PGP SIGNATURE-----
Current thread:
- libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) (ANOTHER ONE) Agostino Sarubbo (Oct 08)
- Re: libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) (ANOTHER ONE) cve-assign (Oct 15)