Date: Sat, 12 Nov 2016 11:52:09 +0100 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: Re: libdwarf: heap-based buffer overflow in get_attr_value (print_die.c) On Friday 11 November 2016 12:43:58 cve-assign@...re.org wrote: > We would need more impact analysis before assigning a CVE ID for this. > It seems to affect only the dwarfdump command-line program, not > library code that is used in arbitrary applications. That's right. The problem is only in the command line utility and not in any library. As it is a buffer over read of 1, it is fine for me to don't have a cve for this issue but I shared because distro(s) would have the patch aboard. -- Agostino Sarubbo Gentoo Linux Developer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ