oss-sec mailing list archives
Re: Re: libdwarf: heap-based buffer overflow in get_attr_value (print_die.c)
From: Agostino Sarubbo <ago () gentoo org>
Date: Sat, 12 Nov 2016 11:52:09 +0100
On Friday 11 November 2016 12:43:58 cve-assign () mitre org wrote:
We would need more impact analysis before assigning a CVE ID for this. It seems to affect only the dwarfdump command-line program, not library code that is used in arbitrary applications.
That's right. The problem is only in the command line utility and not in any library. As it is a buffer over read of 1, it is fine for me to don't have a cve for this issue but I shared because distro(s) would have the patch aboard. -- Agostino Sarubbo Gentoo Linux Developer
Current thread:
- libdwarf: heap-based buffer overflow in get_attr_value (print_die.c) Agostino Sarubbo (Nov 09)
- Re: libdwarf: heap-based buffer overflow in get_attr_value (print_die.c) cve-assign (Nov 11)
- Re: Re: libdwarf: heap-based buffer overflow in get_attr_value (print_die.c) Agostino Sarubbo (Nov 12)
- Re: libdwarf: heap-based buffer overflow in get_attr_value (print_die.c) cve-assign (Nov 11)