Date: Sat, 15 Oct 2016 22:49:12 -0400 (EDT)
From: cve-assign@...re.org
To: ago@...too.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blogs.gentoo.org/ago/2016/10/04/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c/

> AddressSanitizer: heap-buffer-overflow ... READ of size 1
> libdwarf/dwarf_util.c:624:43 in _dwarf_get_abbrev_for_code

> https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2

Use CVE-2016-8680.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
