ID CVE-2016-2091
Summary The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file.
References
Vulnerable Configurations
  • libdwarf Project libdwarf 2015-11-14
    cpe:2.3:a:libdwarf_project:libdwarf:2015-11-14
CVSS
Base: 4.3 (as of 01-03-2016 - 14:30)
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-F36C5935E5.NASL
    description Update to 20160507 release - fixes many outstanding crash bugs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-02-15
    plugin id 92205
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92205
    title Fedora 24 : libdwarf (2016-f36c5935e5)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-669.NASL
    description Several vulnerabilities were discovered in dwarfutils, a tool and library for reading/consuming and writing/producing DWARF debugging information. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2015-8538 A specially crafted ELF file can cause a segmentation fault. CVE-2015-8750 A specially crafted ELF file can cause a NULL pointer dereference. CVE-2016-2050 Out-of-bounds write CVE-2016-2091 Out-of-bounds read CVE-2016-5034 Out-of-bounds write CVE-2016-5036 Out-of-bounds read CVE-2016-5038 Out-of-bounds read CVE-2016-5039 Out-of-bounds read CVE-2016-5042 A specially crafted DWARF section can cause an infinite loop, reading from increasing memory addresses until the application crashes. For Debian 7 'Wheezy', these problems have been fixed in version 20120410-2+deb7u2. We recommend that you upgrade your dwarfutils packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-10
    plugin id 94143
    published 2016-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94143
    title Debian DLA-669-1 : dwarfutils security update
refmap via4
mlist
  • [oss-security] 20160119 Re:Re: Buffer Overflow in lha compression utility
  • [oss-security] 20160128 Re: an out of bound read is found in libdwarf -20151114
Last major update 04-03-2016 - 13:01
Published 08-02-2016 - 14:59
Last modified 02-10-2019 - 15:58
Back to Top