oss-sec mailing list archives
Re: libdwarf: heap-based buffer overflow in dwarf_get_aranges_list (dwarf_arange.c)
From: <cve-assign () mitre org>
Date: Fri, 11 Nov 2016 12:45:32 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/ AddressSanitizer: heap-buffer-overflow READ of size 2
Use CVE-2016-9276 for this buffer over-read. Although the commit is the same as for CVE-2016-9275, fixing CVE-2016-9276 apparently requires the dwarf_arange.c part of the commit. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYJgKbAAoJEHb/MwWLVhi28eMP/01xy9Xb5cx1Nekg36i2fkrn rqfRioDonkNhjjB2hHszRn7TJkXKAMzxWdPJhuMTsYlo8R9jwBy0jyZmSNXi+5gL 1ms14sa2pZnOo6PdO/FfyPSDjBqVR/2tj0E3mrVXtvQWhwZj7F8723y7dEWQJ6FS u8RKcqYep/YC+sCNgF2cnSHmHdzOL7DgIBOmDCshfWMx2aAtbKuvysGTfM4Sj7xU 28ZLvI7EzKyxB0BMfTnl/cNzmOdcVXxUwd8uw1u5U0xKqSqXHcTqpxjZt7Jl+4Jk xy3qbyN+O2yrZJVsDhiR+lt0iRmodQov4m4bpHTnET8wglV3Vv6Amtkax79AzxCn QKGNy02tL8RiMBLscxETJa5MUm8MNrsASPpKQvhodcOtMCapCb6NctuvNbxII5XQ AIeDxn/5ElfNgKaJst4ou9nwuZYfSe91XS97bWX7d3IJnLECFrcDB6NC3LWqgBv9 Y534JH13OhruCrEuSr1cNUu3k1kLsNUyRHzMpUU+q6A0Q8ni5Kq1cL20BI3zku/f ioKxPBUFaO3VGmnVPAOQdF70yokgrelUMxsr0rEbPwz2+R6AgAW2ICF/v2k/EP7D sd80M5oB0j/5fUnbhC1mcT/sFVOl4ggi+BXtsF4QRXZ0vt5/rga2F3fy493yRdLw NUJoJIaWp3qUr6VViDeP =IOf0 -----END PGP SIGNATURE-----
Current thread:
- libdwarf: heap-based buffer overflow in dwarf_get_aranges_list (dwarf_arange.c) Agostino Sarubbo (Nov 09)
- Re: libdwarf: heap-based buffer overflow in dwarf_get_aranges_list (dwarf_arange.c) cve-assign (Nov 11)