Mailinglist Archive: opensuse-bugs (4295 mails)

[Bug 1039693] New: VUL-1: CVE-2017-9055: libdwarf: heap-based buffer over-read (dwarf_formsdata() func)
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Thu, 18 May 2017 10:32:51 +0000
  • Message-id: <bug-1039693-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1039693


Bug ID: 1039693
Summary: VUL-1: CVE-2017-9055: libdwarf: heap-based buffer over-read (dwarf_formsdata() func)
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-9055
===================================================
Description

An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In
dwarf_formsdata() a few data types were not checked for being in bounds,
leading to a heap-based buffer over-read.
===================================================

Hyperlink

[1] https://security-tracker.debian.org/tracker/CVE-2017-9055

[2] https://www.prevanders.net/dwarfbug.html#DW201703-001


(open-)SUSE: https://software.opensuse.org/package/libdwarf

20161124 (TW, official repo)
20150115 (42.{2,3}, official repo)

--
You are receiving this mail because:
You are on the CC list for the bug.
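
An added illustration of the bug class in the description above, not libdwarf's code and not its fix: a reader for fixed-width signed constants that refuses any value extending past the end of the section. The report does not say which data types were unchecked; the choice of `DW_FORM_data1/2/4/8`, little-endian byte order, and the names `read_sdata_checked`, `form_width` and `SAMPLE` are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed-width constant forms; codes are from the DWARF standard. */
enum { DW_FORM_data2 = 0x05, DW_FORM_data4 = 0x06,
       DW_FORM_data8 = 0x07, DW_FORM_data1 = 0x0b };

/* Constructed sample standing in for a section copied to the heap. */
static const uint8_t SAMPLE[6] = { 0xfe, 0xff, 0x34, 0x12, 0x80, 0x7f };

static size_t form_width(unsigned form) {
    switch (form) {
    case DW_FORM_data1: return 1;
    case DW_FORM_data2: return 2;
    case DW_FORM_data4: return 4;
    case DW_FORM_data8: return 8;
    default:            return 0;   /* not a fixed-width form */
    }
}

/* Hypothetical helper (not a libdwarf function): read a signed little-endian
 * constant of `form` at `off` in a section of `len` bytes.
 * Returns 0 on success, -1 if the value would not lie inside the section. */
int read_sdata_checked(const uint8_t *sec, size_t len, size_t off,
                       unsigned form, int64_t *out) {
    size_t w = form_width(form);
    if (sec == NULL || out == NULL || w == 0) return -1;
    /* The check whose absence gives an over-read. Written as a subtraction
     * so that a huge `off` cannot wrap `off + w` back into range. */
    if (off > len || w > len - off) return -1;
    uint64_t v = 0;
    for (size_t i = 0; i < w; i++) v |= (uint64_t)sec[off + i] << (8 * i);
    /* Sign-extend from the form's width to 64 bits. */
    if (w < 8 && ((v >> (8 * w - 1)) & 1)) v |= ~(uint64_t)0 << (8 * w);
    memcpy(out, &v, sizeof v);
    return 0;
}

int main(void) {
    int64_t v = 0;
    int rc = read_sdata_checked(SAMPLE, sizeof SAMPLE, 0, DW_FORM_data2, &v);
    printf("data2 @0: rc=%d value=%lld\n", rc, (long long)v);
    /* Two bytes remain at offset 4, so a 4-byte form must be refused. */
    rc = read_sdata_checked(SAMPLE, sizeof SAMPLE, 4, DW_FORM_data4, &v);
    printf("data4 @4: rc=%d\n", rc);
    return 0;
}
```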