Vulnerabilities > CVE-2015-3239 - Numeric Errors vulnerability in Libunwind Project Libunwind 1.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
libunwind-project
CWE-189
nessus
NVD
Published: 2015-08-26
Updated: 2023-02-13

Summary

Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.

Vulnerable Configurations

Part Description Count
Application
Libunwind_Project
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-491.NASL
    descriptionlibunwind was updated to fix one security issue. This security issue was fixed : - CVE-2015-3239: Off-by-one in dwarf_to_unw_regnum() (bsc#936786).
    last seen2020-06-05
    modified2015-07-15
    plugin id84755
    published2015-07-15
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84755
    titleopenSUSE Security Update : libunwind (openSUSE-2015-491)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-11354.NASL
    descriptionFix CVE-2015-3239 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-07-22
    plugin id84904
    published2015-07-22
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84904
    titleFedora 22 : libunwind-1.1-10.fc22 (2015-11354)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-61.NASL
    descriptionThis update for libunwind fixes one minor security issue and one bug. The following security issue was fixed : - CVE-2015-3239: off-by-one error that could be triggered when reading untrusted binaries (boo#936786) The following packaging bug was fixed : - boo#1122012: The 32 bit were not generated on Leap 42.3
    last seen2020-03-18
    modified2019-01-22
    plugin id121286
    published2019-01-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121286
    titleopenSUSE Security Update : libunwind (openSUSE-2019-61)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-11465.NASL
    descriptionFix CVE-2015-3239 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-07-30
    plugin id85087
    published2015-07-30
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/85087
    titleFedora 21 : libunwind-1.1-10.fc21 (2015-11465)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0284-1.NASL
    descriptionThis update for libunwind fixes the following issues : Security issues fixed : CVE-2015-3239: Fixed a off-by-one in the dwarf_to_unw_regnum function (bsc#936786) Non-security issues fixed: Fixed a dependency issue with libzmq5 (bsc#1122012) Fixed build on armv7 (bsc#976955) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122048
    published2019-02-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122048
    titleSUSE SLED12 / SLES12 Security Update : libunwind (SUSE-SU-2019:0284-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-271.NASL
    descriptionInvalid dwarf opcodes can cause references beyond the end of the array. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-07-14
    plugin id84677
    published2015-07-14
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84677
    titleDebian DLA-271-1 : libunwind security update
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2015-600.NASL
    descriptionAn off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data.
    last seen2020-06-01
    modified2020-06-02
    plugin id86356
    published2015-10-13
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86356
    titleAmazon Linux AMI : libunwind (ALAS-2015-600)

Redhat

advisories
  • rhsa
    idRHSA-2015:1675
  • rhsa
    idRHSA-2015:1768
  • rhsa
    idRHSA-2015:1769
rpms
  • libunwind-0:1.1-4.1.el7ost
  • libunwind-debuginfo-0:1.1-4.1.el7ost
  • libunwind-0:1.1-4.1.el6ost
  • libunwind-debuginfo-0:1.1-4.1.el6ost
  • libunwind-0:1.1-4.1.el7ost
  • libunwind-debuginfo-0:1.1-4.1.el7ost
  • libunwind-devel-0:1.1-4.1.el7ost

References