Bug 2026685 (CVE-2020-28163) - CVE-2020-28163 libdwarf: NULL pointer dereference due to corrupt line table header
Summary: CVE-2020-28163 libdwarf: NULL pointer dereference due to corrupt line table h...
Keywords:
Status: NEW
Alias: CVE-2020-28163
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2027699
Blocks: 2026686
Reported: 2021-11-25 14:00 UTC by Guilherme de Almeida Suckevicz
Modified: 2023-07-07 08:34 UTC (History)
CC: 5 users

Fixed In Version: libdwarf-0.3.1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in libdwarf. A possible null pointer dereference vulnerability allows an attacker to input a specially crafted file, leading to a crash. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed:
Embargoed:

Description Guilherme de Almeida Suckevicz 2021-11-25 14:00:15 UTC
If a DWARF5 line table header has an invalid FORM for a pathname, the fi_file_name field may be null and printing it via %s can result in referencing memory at address 0, possibly generating a segmentation violation or application crash. Now in case of null we provide a fixed string of <no file name>, and for the form code we print the value and <unknown form>, so there are no unpredictable effects.

Reference:
https://www.prevanders.net/dwarfbug.html

Upstream patch:
https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3
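The pre-fix and post-fix printing patterns the description refers to, as an added C illustration that is not libdwarf's own code or the upstream patch: fi_file_name is the field named in the report, while the struct, the fi_form field and all function names are hypothetical. The three DW_FORM constants are the real DWARF 5 codes for string-valued forms; the file entries in main() are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the fix described above; not libdwarf's code.
   fi_file_name is the field named in the report; the struct, the fi_form
   field and the function names are hypothetical. */
struct file_entry {
    const char *fi_file_name;  /* NULL when the header's FORM was not usable */
    unsigned    fi_form;       /* DW_FORM code read from the line table header */
};

/* Real DW_FORM codes from the DWARF 5 standard for string-valued forms. */
#define DW_FORM_string    0x08
#define DW_FORM_strp      0x0e
#define DW_FORM_line_strp 0x1f

/* Pre-fix pattern: passing a NULL char* to %s is undefined behaviour and in
   practice reads address 0, which is the crash the CVE describes.  Kept
   only for contrast; it is never called with a NULL name here. */
int print_entry_unchecked(const struct file_entry *e, char *out, size_t n)
{
    return snprintf(out, n, "file: %s (form 0x%02x)", e->fi_file_name, e->fi_form);
}

/* Hardened: substitute a fixed string when the name is missing. */
const char *safe_file_name(const char *name)
{
    return name ? name : "<no file name>";
}

/* Hardened: always print the numeric form code, add a name only for forms
   we recognise, and label everything else <unknown form>. */
int format_form(unsigned form, char *out, size_t n)
{
    const char *name;
    switch (form) {
    case DW_FORM_string:    name = "DW_FORM_string";    break;
    case DW_FORM_strp:      name = "DW_FORM_strp";      break;
    case DW_FORM_line_strp: name = "DW_FORM_line_strp"; break;
    default:                name = "<unknown form>";    break;
    }
    return snprintf(out, n, "0x%02x %s", form, name);
}

/* Hardened entry printer: no raw pointer ever reaches %s. */
int print_entry_checked(const struct file_entry *e, char *out, size_t n)
{
    char form[48];
    format_form(e->fi_form, form, sizeof form);
    return snprintf(out, n, "file: %s (form %s)",
                    safe_file_name(e->fi_file_name), form);
}

int main(void)
{
    /* Constructed entries: one valid, one as a corrupt header would leave it. */
    struct file_entry good = { "main.c", DW_FORM_line_strp };
    struct file_entry bad  = { NULL, 0x99 };
    char line[128];

    print_entry_checked(&good, line, sizeof line);
    puts(line);
    print_entry_checked(&bad, line, sizeof line);   /* completes, no crash */
    puts(line);
    return 0;
}
```

The checked printer is the pattern to look for when auditing other %s call sites in a DWARF consumer: every string that originates from a file-controlled FORM should pass through a null-substituting accessor before it reaches a format function.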

Comment 1 Tom Hughes 2021-11-25 14:11:22 UTC
Please stop subscribing me to bugs without my permission.

I am the maintainer for the Fedora builds of libdwarf and bugzilla will automatically include me on any bugs you open against it for Fedora.

I do not need to be added to bugs RedHat use for their internal security response administration.
