Lucene search

[email protected]CVE-2017-9054

HistoryMay 18, 2017 - 6:29 a.m.

CVE-2017-9054

2017-05-1806:29:00

CWE-125

[email protected]

web.nvd.nist.gov

cve-2017-9054

dw201703-002

libdwarf

buffer over-read

nvd

security issue

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.9%

JSON

An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read.

Affected configurations

NVD

Node

libdwarf_projectlibdwarfMatch2017-03-21

CPENameOperatorVersion
libdwarf_project:libdwarflibdwarf project libdwarfeq2017-03-21

CPE	Name	Operator	Version
libdwarf_project:libdwarf	libdwarf project libdwarf	eq	2017-03-21

References

www.prevanders.net/dwarfbug.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.9%

JSON

Related for CVE-2017-9054

ubuntucve1 cvelist1 nvd1 prion1 debiancve1 redhatcve1 nessus2