PT-2017-8659 · None · Libdwarf
Published
2017-02-17
·
Updated
2022-03-01
·
CVE-2016-5032
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
libdwarf versions prior to 20160923
Description
The issue allows remote attackers to cause a denial of service (crash) via a crafted file. This is due to a problem in the
dwarf get xu hash entry function.Recommendations
For versions prior to 20160923, update to version 20160923 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially crafted files until the update is applied.
Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Libdwarf