Bug ID | 1001133 |
---|---|
Summary | VUL-1: CVE-2016-7511: libdwarf: Integer Overflow |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.1 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Minor |
Priority | P5 - None |
Component | Security |
Assignee | dmueller@suse.com |
Reporter | abergmann@suse.com |
QA Contact | qa-bugs@suse.de |
Found By | Security Response Team |
Blocker | --- |
https://www.prevanders.net/libdwarf-20160923.tar.gz bugxml/data.txt

id: DW201609-002
cve: CVE-2016-7511
datereported: 20160918
reportedby: Shi Ji (@Puzzor)
vulnerability: libdwarf 20160613 Integer Overflow
product: libdwarf
description: In dwarf_get_size_of_val() with fuzzed DWARF data we get a SEGV.

See https://sourceforge.net/p/libdwarf/bugs/3/

```
==6825== ERROR: AddressSanitizer: SEGV on unknown address 0x0583903c (pc 0xb61f1a98 sp 0xbfa388b4 bp 0xbfa38d08 T0)
AddressSanitizer can not provide additional info.
    #1 0xb61e3c0b (/usr/lib/i386-linux-gnu/libasan.so.0+0xdc0b)
    #2 0x80a21b1 in _dwarf_get_size_of_val /home/fuzzing/fuzzing/dwarf-20160613/libdwarf/dwarf_util.c:210
    #3 0x8054214 in _dwarf_next_die_info_ptr /home/fuzzing/fuzzing/dwarf-20160613/libdwarf/dwarf_die_deliv.c:1340
    #4 0x80557a5 in dwarf_child /home/fuzzing/fuzzing/dwarf-20160613/libdwarf/dwarf_die_deliv.c:1640
    #5 0x804b23f in get_die_and_siblings /home/fuzzing/fuzzing/dwarf-20160613/dwarfexample/./simplereader.c:573
```

_dwarf_make_CU_Context() is insufficiently cautious about the length of a CU being absurd. Unclear as yet if this is the problem but it is a problem and is fixed for next release.

datefixed:
references: regressiontests/DW201609-002/DW201609-002-poc
gitfixid: 3767305debcba8bd7e1c483ae48c509d25399252
tarrelease:
endrec:

References:
https://www.prevanders.net/dwarf.html#releases
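The upstream note above attributes the crash to a compilation-unit length that is not checked for being absurd before it is used. The following C example is added here to illustrate that class of defect and its fix; it is not libdwarf's code and does not reproduce the real DWARF CU header. It assumes a hypothetical unit layout (a 4-byte little-endian length followed by that many payload bytes) and contrasts a 32-bit `offset + length <= size` check, which wraps around exactly as it would on the i386 build in the trace, with a remaining-bytes check that cannot overflow, then uses the safe check to walk a section without the cursor ever leaving the buffer. All sample sections are constructed inline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical unit layout used only for this example (not libdwarf's real
 * CU header): a 4-byte little-endian length field followed by `length`
 * bytes of payload. The length comes from the file and is untrusted. */
#define HDR_LEN 4

enum unit_status {
    UNIT_OK = 0,
    UNIT_TRUNCATED_HEADER,       /* fewer than HDR_LEN bytes remain */
    UNIT_LENGTH_EXCEEDS_SECTION  /* declared length runs past the section */
};

struct unit_view {
    const uint8_t *payload;
    uint32_t length;
};

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Weak form of the bounds check, in 32-bit arithmetic as on the i386 build
 * from the trace: off + len can wrap around and accept an absurd length. */
int naive_length_ok(uint32_t off, uint32_t len, uint32_t section_size) {
    return off + len <= section_size;
}

/* Overflow-safe form: never compute off + len; compare len against the
 * bytes that actually remain after off. */
int safe_length_ok(uint32_t off, uint32_t len, uint32_t section_size) {
    if (off > section_size)
        return 0;
    return len <= section_size - off;
}

/* Parse one unit at `off`, validating the header and the declared length
 * against the section bounds before exposing any payload pointer. */
enum unit_status parse_unit(const uint8_t *section, size_t section_size,
                            size_t off, struct unit_view *out) {
    if (off > section_size || section_size - off < HDR_LEN)
        return UNIT_TRUNCATED_HEADER;
    uint32_t len = read_le32(section + off);
    size_t payload_off = off + HDR_LEN;
    if (len > section_size - payload_off)
        return UNIT_LENGTH_EXCEEDS_SECTION;
    out->payload = section + payload_off;
    out->length = len;
    return UNIT_OK;
}

/* Walk all units in a section. Returns the unit count, or -1 if any unit's
 * header or length is inconsistent with the section size. Because every
 * step is validated first, the cursor can never move outside the buffer. */
int count_units(const uint8_t *section, size_t section_size) {
    size_t off = 0;
    int n = 0;
    while (off < section_size) {
        struct unit_view v;
        if (parse_unit(section, section_size, off, &v) != UNIT_OK)
            return -1;
        off += HDR_LEN + (size_t)v.length;
        n++;
    }
    return n;
}

/* Constructed sample sections (not taken from any real DWARF file). */
static const uint8_t SAMPLE_GOOD[]  = { 2,0,0,0, 'x','y', 1,0,0,0, 'z' };
static const uint8_t SAMPLE_HUGE[]  = { 0xff,0xff,0xff,0xff, 'x','y','z' };
static const uint8_t SAMPLE_TRUNC[] = { 2,0,0,0, 'x','y', 1,0 };

int main(void) {
    printf("good:  %d units\n", count_units(SAMPLE_GOOD, sizeof SAMPLE_GOOD));
    printf("huge:  %d units\n", count_units(SAMPLE_HUGE, sizeof SAMPLE_HUGE));
    printf("trunc: %d units\n", count_units(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC));
    printf("naive check accepts 0xffffffff at offset 4 of 7 bytes: %d, safe check: %d\n",
           naive_length_ok(4, 0xffffffffu, 7), safe_length_ok(4, 0xffffffffu, 7));
    return 0;
}
```

The two checks differ only in the order of operations, which is the whole point: subtracting the offset from the section size first keeps every intermediate value within range, so a length of 0xffffffff is rejected instead of wrapping to a small number and passing.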