Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 12 Nov 2016 11:52:09 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: Re: libdwarf: heap-based buffer overflow in get_attr_value (print_die.c)

On Friday 11 November 2016 12:43:58 cve-assign@...re.org wrote:
> We would need more impact analysis before assigning a CVE ID for this.
> It seems to affect only the dwarfdump command-line program, not
> library code that is used in arbitrary applications.

That's right. The problem is only in the command line utility and not in any 
library.
As it is a buffer over read of 1, it is fine for me to don't have a cve for 
this issue but I shared because distro(s) would have the patch aboard.

-- 
Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ