[Secure-testing-team] Bug#866968: dwarfutils: CVE-2017-9998: SEGV libdwarf/dwarf_leb.c:291 in _dwarf_decode_s_leb128_chk

Salvatore Bonaccorso carnil at debian.org
Mon Jul 3 05:08:00 UTC 2017


Source: dwarfutils
Version: 20170416-2
Severity: normal
Tags: security upstream

Hi,

the following vulnerability was published for dwarfutils.

CVE-2017-9998[0]:
| The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf
| through 2017-06-28 allows remote attackers to cause a denial of service
| (Segmentation fault) via a crafted file.

$~/dwarfutils-20170416# ./dwarfdump/dwarfdump ~/POC1

.debug_info
ASAN:DEADLYSIGNAL
=================================================================
==985==ERROR: AddressSanitizer: SEGV on unknown address 0x60462c598e45 (pc 0x5611cdb92696 bp 0x7ffdcfc1c2a0 sp 0x7ffdcfc1c250 T0)
    #0 0x5611cdb92695 in _dwarf_decode_s_leb128_chk libdwarf/dwarf_leb.c:291
    #1 0x5611cdbc56a6 in _dwarf_get_size_of_val libdwarf/dwarf_util.c:371
    #2 0x5611cdbb941d in _dwarf_get_value_ptr libdwarf/dwarf_query.c:519
    #3 0x5611cdbb9e6c in dwarf_attr libdwarf/dwarf_query.c:614
    #4 0x5611cdb9acab in dwarf_srcfiles dwarf_line.c:326
    #5 0x5611cdb1a770 in print_one_die_section dwarfdump/print_die.c:812
    #6 0x5611cdb18326 in print_infos dwarfdump/print_die.c:371
    #7 0x5611cdb0599e in process_one_file dwarfdump/dwarfdump.c:1293
    #8 0x5611cdb035d7 in main dwarfdump/dwarfdump.c:562
    #9 0x7fa2134172b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #10 0x5611cdaffa09 in _start (/home/user/dwarfutils-20170416/dwarfdump/dwarfdump+0x4fa09)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV libdwarf/dwarf_leb.c:291 in _dwarf_decode_s_leb128_chk
==985==ABORTING

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9998
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9998

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
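
The trace above faults on a read inside the signed LEB128 decoder. As an added illustration (not libdwarf's code and not the upstream fix), the decoder below validates the untrusted offset and bounds every byte read, so malformed input produces an error return instead of a crash; `sleb128_decode_checked`, its parameters and the sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper for illustration; not part of libdwarf. */
#define SLEB_MAX_BYTES 10 /* ceil(64 / 7) groups cover an int64_t */

/* Decode a signed LEB128 value at buf[off]; buf holds `size` valid bytes.
 * Returns 0 and fills *value and *used, or -1 on malformed input. */
int sleb128_decode_checked(const uint8_t *buf, size_t size, size_t off,
                           int64_t *value, size_t *used)
{
    uint64_t result = 0;
    unsigned shift = 0;
    size_t n = 0;
    uint8_t byte;
    /* An offset taken from the file is untrusted: check it before reading. */
    if (buf == NULL || value == NULL || used == NULL || off >= size)
        return -1;
    do {
        if (n == SLEB_MAX_BYTES || n >= size - off)
            return -1; /* overlong encoding, or input ends mid-value */
        byte = buf[off + n++];
        if (shift == 63 && (byte & 0x7f) != 0x00 && (byte & 0x7f) != 0x7f)
            return -1; /* payload bits that do not fit in 64 bits */
        result |= (uint64_t)(byte & 0x7f) << shift;
        shift += 7;
    } while (byte & 0x80);

    /* Sign-extend when the final group's sign bit (0x40) is set. */
    if (shift < 64 && (byte & 0x40))
        result |= ~(uint64_t)0 << shift;
    *value = (int64_t)result;
    *used = n;
    return 0;
}

int main(void)
{
    /* Constructed sample: -128 encoded, then a value cut off mid-encoding. */
    const uint8_t sample[] = { 0x80, 0x7f, 0x80 };
    int64_t v = 0;
    size_t used = 0;
    int rc = sleb128_decode_checked(sample, sizeof sample, 0, &v, &used);
    printf("rc=%d value=%lld used=%zu\n", rc, (long long)v, used);
    rc = sleb128_decode_checked(sample, sizeof sample, 2, &v, &used);
    printf("truncated: rc=%d\n", rc);
    return 0;
}
```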


