Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 11 Nov 2016 12:45:32 -0500
From: <cve-assign@...re.org>
To: <ago@...too.org>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: libdwarf: heap-based buffer overflow in dwarf_get_aranges_list (dwarf_arange.c)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c
> https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/
> 
> AddressSanitizer: heap-buffer-overflow
> READ of size 2

Use CVE-2016-9276 for this buffer over-read. Although the commit is
the same as for CVE-2016-9275, fixing CVE-2016-9276 apparently
requires the dwarf_arange.c part of the commit.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYJgKbAAoJEHb/MwWLVhi28eMP/01xy9Xb5cx1Nekg36i2fkrn
rqfRioDonkNhjjB2hHszRn7TJkXKAMzxWdPJhuMTsYlo8R9jwBy0jyZmSNXi+5gL
1ms14sa2pZnOo6PdO/FfyPSDjBqVR/2tj0E3mrVXtvQWhwZj7F8723y7dEWQJ6FS
u8RKcqYep/YC+sCNgF2cnSHmHdzOL7DgIBOmDCshfWMx2aAtbKuvysGTfM4Sj7xU
28ZLvI7EzKyxB0BMfTnl/cNzmOdcVXxUwd8uw1u5U0xKqSqXHcTqpxjZt7Jl+4Jk
xy3qbyN+O2yrZJVsDhiR+lt0iRmodQov4m4bpHTnET8wglV3Vv6Amtkax79AzxCn
QKGNy02tL8RiMBLscxETJa5MUm8MNrsASPpKQvhodcOtMCapCb6NctuvNbxII5XQ
AIeDxn/5ElfNgKaJst4ou9nwuZYfSe91XS97bWX7d3IJnLECFrcDB6NC3LWqgBv9
Y534JH13OhruCrEuSr1cNUu3k1kLsNUyRHzMpUU+q6A0Q8ni5Kq1cL20BI3zku/f
ioKxPBUFaO3VGmnVPAOQdF70yokgrelUMxsr0rEbPwz2+R6AgAW2ICF/v2k/EP7D
sd80M5oB0j/5fUnbhC1mcT/sFVOl4ggi+BXtsF4QRXZ0vt5/rga2F3fy493yRdLw
NUJoJIaWp3qUr6VViDeP
=IOf0
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ