Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 28 Jan 2016 11:45:12 -0500 (EST)
From: cve-assign@...re.org
To: xiaoqixue_1@....com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: an out of bound read is found in libdwarf -20151114

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

[ The Subject line was changed from the original
"Re:Re: Buffer Overflow in lha compression utility" because that
was unrelated to the topic. ]

> http://www.openwall.com/lists/oss-security/2016/01/19/3

> an out of bound read is found in libdwarf -20151114.
> 
> *** DWARF CHECK: DW_DLE_DEBUG_FRAME_LENGTH_NOT_MULTIPLE
> len=0x00000010, len size=0x00000004, extn size=0x00000000, totl
> length=0x00000014, addr size=0x00000008, mod=0x00000004 must be zero
> in cie, offset 0x00000000. ***
> 7   ==53495== Invalid read of size 2
>   1 ==53495==    at 0x4C2F7E0: memcpy@...IBC_2.14 (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
>   2 ==53495==    by 0x43287F: dwarf_read_cie_fde_prefix (dwarf_frame2.c:934)

Use CVE-2016-2091.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWqkTOAAoJEL54rhJi8gl5rSQP/jeiWzTqajFg+zQat/7oiqrF
dEclF+0xce6DBqrRwdqW+K5rYDiOFgjpXTzIJytQ02ekrsL0kgKuBOJIDtde8C3/
wx2anCEr+AbdUwyUjGvKnfyq+VO5ArA/tgvzNuOE5lLS/UlUUDKoYeJQK4olahAc
k7Lw16y6u61d4eNzDfdE85RFa4ze+TVEC1rIt2rq3dXCxIf81GFvifVXvesgG2td
EEwnDJUMRAL4fFBsYqZf5uU19B6QqWIRj9Yxmaeo6Levk5ssAqWk88DJgJcaxM2s
S8hUjMKT25vvXRLmwqklA9Mg6Fv4eAdeQQ9jJ8l7u/g7u/jDr+MC+6FWuP02aO1S
xbAf4PIFHp/e/zjmUJ2V52nbcYuIWjo5HdacTuHNEJS7HkmGfOTbwPHYqiAGzm00
zi8bdXgfZnndgFYwzRB1uNIRaqjdZH1RkA7CK9CDUmbRq4y2y3k310kuVhwZBxAQ
rNCUiY8uIYUay07nYK7947R2a8KYHxGrHpZAbjd5knONwi7Req0h/B063i7xYOzM
K2Qs8bny21qZxOXei0Daej7tWAjzmV7d4KQm5IeZN0nvRiqKOCuc1V4qMvGvikH1
Mtu8XuhHYEP1TGEg0NbgJVUpAXirsgphJF/+RueC4P0bVXfrlLkmDGjljC9kHdGv
VkDBB/uOHOFYYZ+Fa7O9
=Xfoe
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ