http://bugzilla.suse.com/show_bug.cgi?id=1001133 Bug ID: 1001133 Summary: VUL-1: CVE-2016-7511: libdwarf: Integer Overflow Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: Other OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: dmueller@suse.com Reporter: abergmann@suse.com QA Contact: qa-bugs@suse.de Found By: Security Response Team Blocker: --- https://www.prevanders.net/libdwarf-20160923.tar.gz bugxml/data.txt id: DW201609-002 cve: CVE-2016-7511 datereported: 20160918 reportedby: Shi Ji (@Puzzor) vulnerability: libdwarf 20160613 Integer Overflow product: libdwarf description: In dwarf_get_size_of_val() with fuzzed DWARF data we get a SEGV. <pre> See https://sourceforge.net/p/libdwarf/bugs/3/ </pre> <pre> ==6825== ERROR: AddressSanitizer: SEGV on unknown address 0x0583903c (pc 0xb61f1a98 sp 0xbfa388b4 bp 0xbfa38d08 T0) AddressSanitizer can not provide additional info. #1 0xb61e3c0b (/usr/lib/i386-linux-gnu/libasan.so.0+0xdc0b) #2 0x80a21b1 in _dwarf_get_size_of_val /home/fuzzing/fuzzing/dwarf-20160613/libdwarf/dwarf_util.c:210 #3 0x8054214 in _dwarf_next_die_info_ptr /home/fuzzing/fuzzing/dwarf-20160613/libdwarf/dwarf_die_deliv.c:1340 #4 0x80557a5 in dwarf_child /home/fuzzing/fuzzing/dwarf-20160613/libdwarf/dwarf_die_deliv.c:1640 #5 0x804b23f in get_die_and_siblings /home/fuzzing/fuzzing/dwarf-20160613/dwarfexample/./simplereader.c:573 </pre> _dwarf_make_CU_Context() is insufficiently cautious about the length of a CU being absurd. Unclear as yet if this is the problem but it is a problem and is fixed for next release. datefixed: references: regressiontests/DW201609-002/DW201609-002-poc gitfixid: 3767305debcba8bd7e1c483ae48c509d25399252 tarrelease: endrec: References: https://www.prevanders.net/dwarf.html#releases -- You are receiving this mail because: You are on the CC list for the bug.