Bug 1291299 (CVE-2015-8538) - CVE-2015-8538 libdwarf: Out-of-bounds read in dwarf_leb.c
Status: CLOSED WONTFIX
Alias: CVE-2015-8538
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1291300 1289385
Blocks: 1291302
Reported: 2015-12-14 14:21 UTC by Adam Mariš
Modified: 2019-09-29 13:40 UTC

Doc Type: Bug Fix
Last Closed: 2016-06-10 13:29:55 UTC


Description Adam Mariš 2015-12-14 14:21:13 UTC
It was found that if an ELF file is passed to dwarfdump, SIGSEGV will occur in libdwarf/dwarf_leb.c.

Product bug (includes reproducer):

https://bugzilla.redhat.com/show_bug.cgi?id=1289385

CVE assignment:

http://seclists.org/oss-sec/2015/q4/464

Comment 1 Adam Mariš 2015-12-14 14:21:36 UTC
Created libdwarf tracking bugs for this issue:

Affects: epel-6 [bug 1291300]

Comment 2 Tom Hughes 2015-12-14 14:22:58 UTC
Already fixed against RHBZ#1289385.

Comment 3 Adam Mariš 2015-12-14 14:46:14 UTC
Acknowledgments:

Red Hat would like to thank Xiao Qixue for reporting this issue.

Comment 4 Stefan Cornelius 2016-01-14 12:33:01 UTC
Reopening. This is an umbrella bug for more than just Fedora.

