Vulnerabilities > CVE-2016-9275 - Out-of-bounds Write vulnerability in Libdwarf Project Libdwarf
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_83041CA7D69011E6917114DAE9D210B8.NASL description Christian Rebischke reports : libdwarf is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 96368 published 2017-01-10 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96368 title FreeBSD : libdwarf -- multiple vulnerabilities (83041ca7-d690-11e6-9171-14dae9d210b8) NASL family Fedora Local Security Checks NASL id FEDORA_2017-961CD53028.NASL description Update to libdward 20170416 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-07-17 plugin id 101685 published 2017-07-17 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101685 title Fedora 26 : libdwarf (2017-961cd53028) NASL family Fedora Local Security Checks NASL id FEDORA_2017-15E7445D67.NASL description Update to libdward 20170416 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-04-26 plugin id 99676 published 2017-04-26 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99676 title Fedora 25 : libdwarf (2017-15e7445d67)
References
- https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/
- https://bugzilla.redhat.com/show_bug.cgi?id=1394802
- https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-_dwarf_skim_forms-dwarf_macro5-c
- http://www.securityfocus.com/bid/94284
- http://www.openwall.com/lists/oss-security/2016/11/11/7