Bug 2026683 (CVE-2020-27545)

Summary: CVE-2020-27545 libdwarf: carefully corrupted line table can crash calling app
Product: [Other] Security Response
Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: caswilli, fche, jitesh.1337, kaycoth, orion
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: libdwarf-0.3.1
Doc Text:
A flaw was found in libdwarf. A possible memory leak allows an attacker to input a specially crafted file, leading to a crash. The highest threat from this vulnerability is to system availability.
Bug Depends On: 2027570    
Bug Blocks: 2026686    

Description Guilherme de Almeida Suckevicz 2021-11-25 13:52:35 UTC
A carefully crafted object with an invalid line table could cause libdwarf to dereference a pointer reading a single byte outside of the intended .debug_line section and potentially outside of memory visible to the library. A segmentation fault is possible. The code testing for the error was coded incorrectly so an invalid dereference could occur. Now the test code is correct and the error is detected resulting in a normal error return.

Reference:
https://www.prevanders.net/dwarfbug.html
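
The class of defect described above, as an added example that is not libdwarf's code and is not part of the original report: a section reader whose end-of-section test lets a pointer equal to the end through, next to the corrected test that returns an error instead. The exact form of the faulty comparison is an assumption (the report does not show it), and all names, status codes and bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define LT_OK    0   /* constructed status codes, not libdwarf's */
#define LT_ERROR 1

/* Constructed backing store: the first 4 bytes stand in for a
   .debug_line section; the 5th byte (0xEE) is memory that merely
   follows it and must never be returned as section data. */
static const uint8_t backing[5] = { 0x01, 0x02, 0x03, 0x04, 0xEE };
#define SECTION_LEN 4

/* Flawed test (assumed form): '>' accepts ptr == end, so the byte
   one past the section is dereferenced. */
int read_byte_flawed(const uint8_t *ptr, const uint8_t *end, uint8_t *out)
{
    if (ptr > end) {
        return LT_ERROR;
    }
    *out = *ptr;
    return LT_OK;
}

/* Corrected test: ptr == end is already outside the section, so it
   is rejected and the caller gets a normal error return. */
int read_byte_checked(const uint8_t *ptr, const uint8_t *end, uint8_t *out)
{
    if (ptr >= end) {
        return LT_ERROR;
    }
    *out = *ptr;
    return LT_OK;
}

/* Walk the section with the given reader and return how many bytes
   it handed back before reporting an error. The loop is capped at
   sizeof(backing) so the demonstration itself stays in bounds. */
size_t count_bytes_read(int (*reader)(const uint8_t *, const uint8_t *, uint8_t *))
{
    const uint8_t *ptr = backing;
    const uint8_t *end = backing + SECTION_LEN;
    uint8_t value = 0;
    size_t n = 0;
    while (n < sizeof(backing) && reader(ptr, end, &value) == LT_OK) {
        ptr++;
        n++;
    }
    return n;
}
```

With the flawed reader the walk returns five bytes from a four-byte section; in a real mapping that fifth byte may lie in unmapped memory, which is the segmentation fault the description mentions.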

Comment 1 Tom Hughes 2021-11-25 14:11:03 UTC
Please stop subscribing me to bugs without my permission.

I am the maintainer for the Fedora builds of libdwarf and bugzilla will automatically include me on any bugs you open against it for Fedora.

I do not need to be added to bugs RedHat use for their internal security response administration.