ID CVE-2016-2050
Summary The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file.
References
Vulnerable Configurations
  • cpe:2.3:a:libdwarf_project:libdwarf:20151114
    cpe:2.3:a:libdwarf_project:libdwarf:20151114
CVSS
Base: 4.3 (as of 02-02-2017 - 14:15)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-F36C5935E5.NASL
    description Update to 20160507 release - fixes many outstanding crash bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-02-15
    plugin id 92205
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92205
    title Fedora 24 : libdwarf (2016-f36c5935e5)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-669.NASL
    description Several vulnerabilities were discovered in dwarfutils, a tool and library for reading/consuming and writing/producing DWARF debugging information. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2015-8538 A specially crafted ELF file can cause a segmentation fault. CVE-2015-8750 A specially crafted ELF file can cause a NULL pointer dereference. CVE-2016-2050 Out-of-bounds write CVE-2016-2091 Out-of-bounds read CVE-2016-5034 Out-of-bounds write CVE-2016-5036 Out-of-bounds read CVE-2016-5038 Out-of-bounds read CVE-2016-5039 Out-of-bounds read CVE-2016-5042 A specially crafted DWARF section can cause an infinite loop, reading from increasing memory addresses until the application crashes. For Debian 7 'Wheezy', these problems have been fixed in version 20120410-2+deb7u2. We recommend that you upgrade your dwarfutils packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-10
    plugin id 94143
    published 2016-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94143
    title Debian DLA-669-1 : dwarfutils security update
refmap via4
mlist
  • [oss-security] 20160119 Fwd: out of bound write in libdwarf -20151114
  • [oss-security] 20160125 Re: Fwd: out of bound write in libdwarf -20151114
Last major update 05-02-2017 - 15:34
Published 31-01-2017 - 14:59
Back to Top