Bug ID 1001133
Summary VUL-1: CVE-2016-7511: libdwarf: Integer Overflow
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.1
Hardware Other
OS Other
Status NEW
Severity Minor
Priority P5 - None
Component Security
Assignee dmueller@suse.com
Reporter abergmann@suse.com
QA Contact qa-bugs@suse.de
Found By Security Response Team
Blocker ---

https://www.prevanders.net/libdwarf-20160923.tar.gz

bugxml/data.txt

id: DW201609-002
cve: CVE-2016-7511
datereported: 20160918
reportedby: Shi Ji (@Puzzor)
vulnerability: libdwarf 20160613 Integer Overflow
product: libdwarf
description: In dwarf_get_size_of_val() with
  fuzzed DWARF data we get a SEGV.
  <pre>
  See
  https://sourceforge.net/p/libdwarf/bugs/3/
  </pre>
  <pre>
  ==6825== ERROR: AddressSanitizer: SEGV on unknown address 0x0583903c (pc 0xb61f1a98 sp 0xbfa388b4 bp 0xbfa38d08 T0)
  AddressSanitizer can not provide additional info.
  #1 0xb61e3c0b (/usr/lib/i386-linux-gnu/libasan.so.0+0xdc0b)
  #2 0x80a21b1 in _dwarf_get_size_of_val /home/fuzzing/fuzzing/dwarf-20160613/libdwarf/dwarf_util.c:210
  #3 0x8054214 in _dwarf_next_die_info_ptr /home/fuzzing/fuzzing/dwarf-20160613/libdwarf/dwarf_die_deliv.c:1340
  #4 0x80557a5 in dwarf_child /home/fuzzing/fuzzing/dwarf-20160613/libdwarf/dwarf_die_deliv.c:1640
  #5 0x804b23f in get_die_and_siblings /home/fuzzing/fuzzing/dwarf-20160613/dwarfexample/./simplereader.c:573
  </pre>
  _dwarf_make_CU_Context() is insufficiently cautious about
  the length of a CU being absurd.
  Unclear as yet if this is the problem
  but it is a problem and is fixed for next release.
datefixed:
references: regressiontests/DW201609-002/DW201609-002-poc
gitfixid:   3767305debcba8bd7e1c483ae48c509d25399252
tarrelease:
endrec:
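The record above attributes the crash to _dwarf_make_CU_Context() not being cautious enough about an absurd compilation-unit length. The following is an added example, not libdwarf's code, of how a CU header length from an untrusted .debug_info section should be validated: the declared unit_length is compared against the number of bytes remaining in the section, never added to a pointer first. For contrast, naive_cu_fits() does the address-plus-length comparison that a huge 64-bit length wraps straight past. The function names, the cu_header_t struct and the sample section bytes are constructed for this example; it assumes a little-endian host and the DWARF 2-4 header layout (unit_length, version, debug_abbrev_offset, address_size).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example of CU header validation; illustrative code, not libdwarf's
   _dwarf_make_CU_Context(). Assumes little-endian host, DWARF 2-4 layout. */

#define DW_LENGTH_ESCAPE_64 0xffffffffu   /* unit_length escape for 64-bit DWARF */

typedef struct {
    size_t offset_size;             /* 4 (32-bit DWARF) or 8 (64-bit DWARF) */
    uint64_t unit_length;           /* bytes in the CU after the length field */
    const unsigned char *cu_start;  /* first byte after the length field */
    const unsigned char *cu_end;    /* one past the CU's last byte */
} cu_header_t;

static uint32_t rd32(const unsigned char *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static uint64_t rd64(const unsigned char *p) { uint64_t v; memcpy(&v, p, 8); return v; }

/* Safe parse: returns 0 and fills *out, or -1 if the header is truncated or
   unit_length does not fit in the bytes remaining in the section. The check
   compares two byte counts, never two addresses, so an absurd length cannot
   wrap a pointer and slip past it. */
int parse_cu_header(const unsigned char *sec, size_t sec_len,
                    size_t cu_off, cu_header_t *out)
{
    if (cu_off > sec_len)
        return -1;
    size_t remaining = sec_len - cu_off;
    const unsigned char *p = sec + cu_off;

    if (remaining < 4)
        return -1;
    uint64_t len = rd32(p);
    size_t len_field = 4, offset_size = 4;
    if (len == DW_LENGTH_ESCAPE_64) {           /* 64-bit DWARF: 8 more length bytes */
        if (remaining < 12)
            return -1;
        len = rd64(p + 4);
        len_field = 12;
        offset_size = 8;
    } else if (len >= 0xfffffff0u) {            /* other reserved escape values */
        return -1;
    }
    remaining -= len_field;

    /* version(2) + debug_abbrev_offset(offset_size) + address_size(1) must
       fit in the CU, and the whole CU must fit in what is left of the section. */
    if (len < 2 + offset_size + 1 || len > remaining)
        return -1;

    out->offset_size = offset_size;
    out->unit_length = len;
    out->cu_start = p + len_field;
    out->cu_end = out->cu_start + (size_t)len;   /* len <= remaining: cannot overflow */
    return 0;
}

/* Convenience wrapper: CU end as a section offset, or -1 if rejected. */
long cu_end_offset(const unsigned char *sec, size_t sec_len, size_t cu_off)
{
    cu_header_t h;
    if (parse_cu_header(sec, sec_len, cu_off, &h) != 0)
        return -1;
    return (long)(h.cu_end - sec);
}

/* The unsafe pattern, for contrast: add the untrusted length to the address
   first, then compare addresses. Done in uint64_t so the wrap is well defined
   for the demonstration (on raw pointers it is undefined behaviour, which is
   worse, not better). Returns 1 when the CU appears to "fit". */
int naive_cu_fits(const unsigned char *sec, size_t sec_len, size_t cu_off)
{
    const unsigned char *p = sec + cu_off;
    uint64_t len = rd32(p);
    size_t len_field = 4;
    if (len == DW_LENGTH_ESCAPE_64) { len = rd64(p + 4); len_field = 12; }
    uint64_t end = (uint64_t)(uintptr_t)p + len_field + len;   /* wraps for huge len */
    return end <= (uint64_t)(uintptr_t)(sec + sec_len);
}

/* Constructed sample .debug_info section (not from a real binary): a
   well-formed 32-bit CU followed by a 64-bit CU with an absurd unit_length. */
const unsigned char SAMPLE_DEBUG_INFO[] = {
    /* CU 0 @ 0: unit_length=11, version=4, abbrev_off=0, addr_size=8, 4 DIE bytes */
    0x0b,0x00,0x00,0x00, 0x04,0x00, 0x00,0x00,0x00,0x00, 0x08, 0x01,0x00,0x00,0x00,
    /* CU 1 @ 15: 64-bit escape, unit_length=0xffffffffffffff00, version=4,
       abbrev_off=0, addr_size=8 */
    0xff,0xff,0xff,0xff, 0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
    0x04,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x08,
};
const size_t SAMPLE_LEN = sizeof SAMPLE_DEBUG_INFO;   /* 38 bytes */

int main(void)
{
    printf("CU@0  safe end offset: %ld\n", cu_end_offset(SAMPLE_DEBUG_INFO, SAMPLE_LEN, 0));
    printf("CU@15 safe end offset: %ld (rejected)\n", cu_end_offset(SAMPLE_DEBUG_INFO, SAMPLE_LEN, 15));
    printf("CU@15 naive address check says fits: %d\n", naive_cu_fits(SAMPLE_DEBUG_INFO, SAMPLE_LEN, 15));
    return 0;
}
```

The 64-bit length in the sample is the interesting case: added to an address it wraps to a value below the section start, so the naive comparison accepts it and any subsequent DIE walk reads out of bounds, which is the kind of SEGV the trace above shows. On a 32-bit host such as the i386 target in the trace, even a 32-bit unit_length near 0xfffffff0 would wrap the naive sum, which is why the reserved escape values are rejected outright as well.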

References:
https://www.prevanders.net/dwarf.html#releases

