ID CVE-2016-5039
Summary The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted object with all-bits on.
References
Vulnerable Configurations
  • Libdwarf Project Libdwarf 20160613
    cpe:2.3:a:libdwarf_project:libdwarf:20160613
CVSS
Base: 5.0 (as of 21-02-2017 - 11:35)
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
NASL family Debian Local Security Checks
NASL id DEBIAN_DLA-669.NASL
description Several vulnerabilities were discovered in dwarfutils, a tool and library for reading/consuming and writing/producing DWARF debugging information. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2015-8538 A specially crafted ELF file can cause a segmentation fault. CVE-2015-8750 A specially crafted ELF file can cause a NULL pointer dereference. CVE-2016-2050 Out-of-bounds write CVE-2016-2091 Out-of-bounds read CVE-2016-5034 Out-of-bounds write CVE-2016-5036 Out-of-bounds read CVE-2016-5038 Out-of-bounds read CVE-2016-5039 Out-of-bounds read CVE-2016-5042 A specially crafted DWARF section can cause an infinite loop, reading from increasing memory addresses until the application crashes. For Debian 7 'Wheezy', these problems have been fixed in version 20120410-2+deb7u2. We recommend that you upgrade your dwarfutils packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2019-02-21
modified 2018-07-10
plugin id 94143
published 2016-10-20
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=94143
title Debian DLA-669-1 : dwarfutils security update
refmap via4
confirm https://www.prevanders.net/dwarfbug.html
mlist
  • [oss-security] 20160524 CVE request: Multiple vunerabilities in libdwarf & dwarfdump
  • [oss-security] 20160524 Re: CVE request: Multiple vunerabilities in libdwarf & dwarfdump
Last major update 22-02-2017 - 12:47
Published 17-02-2017 - 12:59
Back to Top