History: Jul 02, 2021 - 5:13 p.m.

Advisory ROSA-SA-2021-1866

2021-07-02 17:13:15
ROSA LAB
abf.rosalinux.ru

CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.1 High (Confidence: High)
EPSS: 0.002 Low (Percentile: 65.0%)

Software: libdwarf 20130207
OS: Cobalt 7.9

CVE-ID: CVE-2016-5028
CVE-Crit: MEDIUM
CVE-DESC: The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (dereferencing a null pointer) via an object file with empty bss-like sections.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5029
CVE-Crit: MEDIUM
CVE-DESC: The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (null pointer dereference) via a crafted dwarf file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5030
CVE-Crit: MEDIUM
CVE-DESC: The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (null pointer dereference) via a crafted file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5031
CVE-Crit: MEDIUM
CVE-DESC: The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (read out of range) via a crafted file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5032
CVE-Crit: MEDIUM
CVE-DESC: The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (failure) via a crafted file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5033
CVE-Crit: MEDIUM
CVE-DESC: The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (read out of range) via a crafted file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5034
CVE-Crit: MEDIUM
CVE-DESC: dwarf_self_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-range record) via a crafted file associated with move records.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5035
CVE-Crit: MEDIUM
CVE-DESC: The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (read out of range) via a crafted file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5036
CVE-Crit: HIGH
CVE-DESC: The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (read out of bounds) using crafted frame data.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5037
CVE-Crit: MEDIUM
CVE-DESC: The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (null pointer dereference) via a crafted file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5038
CVE-Crit: HIGH
CVE-DESC: The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (read out of range) via a crafted string offset for .debug_str.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5039
CVE-Crit: HIGH
CVE-DESC: The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (read out of range) via a crafted object with all bits.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5040
CVE-Crit: HIGH
CVE-DESC: libdwarf to 20160923 allows remote attackers to cause a denial of service (read out of range and crash) by using a large length value in the compilation module header.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5042
CVE-Crit: HIGH
CVE-DESC: The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and failure) via a crafted DWARF partition.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5043
CVE-Crit: HIGH
CVE-DESC: The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (read out of range and crash) via a crafted DWARF partition.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5044
CVE-Crit: HIGH
CVE-DESC: The WRITE_UNALIGNED function in dwarf_self_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-range writes and crashes) via a crafted DWARF partition.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-7510
CVE-Crit: MEDIUM
CVE-DESC: The read_line_table_program function in dwarf_line_table_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (read out of range) via specially crafted input.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-8680
CVE-Crit: MEDIUM
CVE-DESC: The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (read out of range) by invoking the dwarfdump command on a crafted file.
CVE-STATUS: default
CVE-REV: default

OS      Version  Architecture  Package   Version     Filename
Cobalt  any      noarch        libdwarf  < 20130207  UNKNOWN
