CVE-2016-8681

CVE-2016-8681

Name

CVE-2016-8681

Description

The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Mailing List	http://www.openwall.com/lists/oss-security/2016/10/16/5
Third Party Advisory	http://www.securityfocus.com/bid/93592
Exploit	https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2/
Issue Tracking	https://bugzilla.redhat.com/show_bug.cgi?id=1385690

Type

URI

Mailing List

http://www.openwall.com/lists/oss-security/2016/10/16/5

Third Party Advisory

http://www.securityfocus.com/bid/93592

Exploit

https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2/

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1385690

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:libdwarf_project:libdwarf::::::::`	libdwarf	>= None	<= 2016-10-01

CPE URI

Source package

Min version

Max version

cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*

libdwarf

>= None

<= 2016-10-01

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libdwarf	edge-main	2.1.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libdwarf	edge-main	2.0.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libdwarf	edge-main	0.9.2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libdwarf	edge-main	0.9.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libdwarf	edge-main	0.9.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libdwarf	edge-main	0.8.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libdwarf	edge-main	0.7.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libdwarf	edge-main	0.6.0-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libdwarf	edge-main	0.6.0-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libdwarf	edge-main	0.6.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libdwarf	3.23-main	2.1.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libdwarf	3.22-main	0.9.2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libdwarf	3.22-main	0.6.0-r0	None	possibly vulnerable
libdwarf	3.21-main	0.9.2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libdwarf	3.21-main	0.6.0-r0	None	possibly vulnerable
libdwarf	3.20-main	0.9.2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libdwarf	3.20-main	0.6.0-r0	None	possibly vulnerable
libdwarf	3.19-main	0.8.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libdwarf	3.19-main	0.6.0-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

libdwarf

edge-main

2.1.0-r0

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

libdwarf

edge-main