Bug 1178725 (CVE-2014-9482) - CVE-2014-9482 libdwarf: use-after-free when parsing a crafted ELF file
Summary: CVE-2014-9482 libdwarf: use-after-free when parsing a crafted ELF file
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2014-9482
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1177758
Blocks: 1225848
Reported: 2015-01-05 12:09 UTC by Vasyl Kaigorodov
Modified: 2019-09-29 13:25 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-06-18 18:46:19 UTC



Description Vasyl Kaigorodov 2015-01-05 12:09:52 UTC
Use-after-free vulnerability was reported in libdwarf [1].
If dwarfdump is passed a corrupted ELF file, the 'Dwarf_Debug' object is freed in 'dwarf_elf_object_access_finish', but this object is then referenced later in 'print_error':

--------------------------------
    res = dwarf_object_init(binary_interface, errhand, errarg,
            ret_dbg, error);
    if (res != DW_DLV_OK){
        dwarf_elf_object_access_finish(binary_interface);
    }
--------------------------------
...
--------------------------------
    if (obj->object) {
        dwarf_elf_object_access_internals_t *internals =
            (dwarf_elf_object_access_internals_t *)obj->object;
--------------------------------

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1177758
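The failure path the report describes, as an added illustration that is not libdwarf's code: a hypothetical handle is reported on while it is still alive, then released with the caller's pointer cleared, so a later print_error-style access sees NULL rather than freed memory. The names dbg_t, object_init, object_finish, report_error, open_and_check and after_finish_is_null are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for the Dwarf_Debug handle; not libdwarf's layout. */
typedef struct { char *path; } dbg_t;

/* Plays the role of dwarf_object_init: allocates the handle, then fails
   (non-zero, like a result other than DW_DLV_OK) for a "corrupt" input. */
static int object_init(const char *path, dbg_t **out) {
    *out = calloc(1, sizeof **out);
    if (!*out) return -1;
    (*out)->path = malloc(strlen(path) + 1);
    if (!(*out)->path) { free(*out); *out = NULL; return -1; }
    strcpy((*out)->path, path);
    return strstr(path, "corrupt") ? -1 : 0;
}

/* Plays the role of dwarf_elf_object_access_finish, plus one hardening step:
   the caller's pointer is cleared so nothing is left dangling. */
static void object_finish(dbg_t **dbgp) {
    if (*dbgp) { free((*dbgp)->path); free(*dbgp); }
    *dbgp = NULL;
}

/* Plays the role of print_error; refuses to touch a handle that is gone. */
static int report_error(const dbg_t *dbg, char *buf, size_t n) {
    if (!dbg) { snprintf(buf, n, "error: no object"); return 0; }
    snprintf(buf, n, "error in %s", dbg->path);
    return 1;
}

/* Hardened flow: report the failure while the handle is still alive, then
   release it. Returns 0 on success, -1 on a rejected input. */
int open_and_check(const char *path, char *buf, size_t n) {
    dbg_t *dbg = NULL;
    int res = object_init(path, &dbg);
    if (res != 0) {
        report_error(dbg, buf, n);   /* use before free, never after */
        object_finish(&dbg);
        return -1;
    }
    object_finish(&dbg);
    return 0;
}

/* Confirms the handle is cleared after release (1 = cleared). */
int after_finish_is_null(const char *path) {
    dbg_t *dbg = NULL;
    object_init(path, &dbg);
    object_finish(&dbg);
    return dbg == NULL;
}
```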

Comment 1 Martin Prpič 2015-01-06 09:20:10 UTC
MITRE assigned CVE-2014-9482 to this issue: http://seclists.org/oss-sec/2015/q1/20

Comment 2 Orion Poplawski 2015-01-24 04:06:28 UTC
It appears to me that the EPEL6 version - 20140413 - is vulnerable to this as well. I believe that upstream commit 9a2dfcfe020314672086e44bddd81c155cba2a6d is the primary fix for this, but it does not apply cleanly to 20140413.

I don't want to update to the latest release due to apparent ABI incompatibilities - see http://upstream.rosalinux.ru/versions/libdwarf.html

