Lucene search

[email protected]CVE-2017-9053

HistoryMay 18, 2017 - 6:29 a.m.

CVE-2017-9053

2017-05-1806:29:00

CWE-125

[email protected]

web.nvd.nist.gov

cve-2017-9053

dw201703-005

libdwarf

buffer over-read

nvd

security issue

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.2 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.002 Low

EPSS

Percentile

59.9%

JSON

An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function).

Affected configurations

NVD

Node

libdwarf_projectlibdwarfMatch2017-03-21

CPENameOperatorVersion
libdwarf_project:libdwarflibdwarf project libdwarfeq2017-03-21

CPE	Name	Operator	Version
libdwarf_project:libdwarf	libdwarf project libdwarf	eq	2017-03-21

References

www.prevanders.net/dwarfbug.html

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.2 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.002 Low

EPSS

Percentile

59.9%

JSON

Related for CVE-2017-9053

redhatcve1 ubuntucve1 prion1 cvelist1 debiancve1 nvd1 nessus2