Vulnerabilities > CVE-2015-3239 - Numeric Errors vulnerability in Libunwind Project Libunwind 1.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-491.NASL description libunwind was updated to fix one security issue. This security issue was fixed : - CVE-2015-3239: Off-by-one in dwarf_to_unw_regnum() (bsc#936786). last seen 2020-06-05 modified 2015-07-15 plugin id 84755 published 2015-07-15 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84755 title openSUSE Security Update : libunwind (openSUSE-2015-491) NASL family Fedora Local Security Checks NASL id FEDORA_2015-11354.NASL description Fix CVE-2015-3239 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-07-22 plugin id 84904 published 2015-07-22 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84904 title Fedora 22 : libunwind-1.1-10.fc22 (2015-11354) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-61.NASL description This update for libunwind fixes one minor security issue and one bug. The following security issue was fixed : - CVE-2015-3239: off-by-one error that could be triggered when reading untrusted binaries (boo#936786) The following packaging bug was fixed : - boo#1122012: The 32 bit were not generated on Leap 42.3 last seen 2020-03-18 modified 2019-01-22 plugin id 121286 published 2019-01-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121286 title openSUSE Security Update : libunwind (openSUSE-2019-61) NASL family Fedora Local Security Checks NASL id FEDORA_2015-11465.NASL description Fix CVE-2015-3239 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-07-30 plugin id 85087 published 2015-07-30 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85087 title Fedora 21 : libunwind-1.1-10.fc21 (2015-11465) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0284-1.NASL description This update for libunwind fixes the following issues : Security issues fixed : CVE-2015-3239: Fixed a off-by-one in the dwarf_to_unw_regnum function (bsc#936786) Non-security issues fixed: Fixed a dependency issue with libzmq5 (bsc#1122012) Fixed build on armv7 (bsc#976955) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122048 published 2019-02-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122048 title SUSE SLED12 / SLES12 Security Update : libunwind (SUSE-SU-2019:0284-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-271.NASL description Invalid dwarf opcodes can cause references beyond the end of the array. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-07-14 plugin id 84677 published 2015-07-14 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84677 title Debian DLA-271-1 : libunwind security update NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-600.NASL description An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. last seen 2020-06-01 modified 2020-06-02 plugin id 86356 published 2015-10-13 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86356 title Amazon Linux AMI : libunwind (ALAS-2015-600)
Redhat
advisories |
| ||||||||||||
rpms |
|
References
- http://rhn.redhat.com/errata/RHSA-2015-1675.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1232265
- http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1
- http://www.securityfocus.com/bid/76707
- http://rhn.redhat.com/errata/RHSA-2015-1769.html
- http://rhn.redhat.com/errata/RHSA-2015-1768.html