CVE-2016-2050 - The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of

CVE-2016-2050

Summary

The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file.

References

http://www.openwall.com/lists/oss-security/2016/01/25/3
http://www.openwall.com/lists/oss-security/2016/01/19/9

Vulnerable Configurations

cpe:2.3:a:libdwarf_project:libdwarf:2015-11-14:*:*:*:*:*:*:*
cpe:2.3:a:libdwarf_project:libdwarf:2015-11-14:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 01-03-2022 - 18:51)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

mlist

[oss-security] 20160119 Fwd: out of bound write in libdwarf -20151114
[oss-security] 20160125 Re: Fwd: out of bound write in libdwarf -20151114

Last major update

01-03-2022 - 18:51

Published

31-01-2017 - 19:59

Last modified

01-03-2022 - 18:51