Lucene search

K
rosalinuxROSA LABROSA-SA-2021-1866
HistoryJul 02, 2021 - 5:13 p.m.

Advisory ROSA-SA-2021-1866

2021-07-0217:13:15
ROSA LAB
abf.rosalinux.ru
9

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.002

Percentile

65.0%

Software: libdwarf 20130207
OS: Cobalt 7.9

CVE-ID: CVE-2016-5028
CVE-Crit: MEDIUM
CVE-DESC: The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (dereferencing a null pointer) via an object file with empty bss-like sections.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5029
CVE-Crit: MEDIUM
CVE-DESC: The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (null pointer dereference) via a created dwarf file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5030
CVE-Crit: MEDIUM
CVE-DESC: The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (null pointer dereference) via a crafted file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5031
CVE-Crit: MEDIUM
CVE-DESC: The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (read out of range) via a crafted file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5032
CVE-Crit: MEDIUM
CVE-DESC: The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (failure) via a crafted file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5033
CVE-Crit: MEDIUM
CVE-DESC: The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (read out of range) via a crafted file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5034
CVE-Crit: MEDIUM
CVE-DESC: dwarf_self_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-range record) via a crafted file associated with move records.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5035
CVE-Crit: MEDIUM
CVE-DESC: The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (read out of range) via a crafted file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5036
CVE-Crit: HIGH
CVE-DESC: The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (read out of bounds) using crafted frame data.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5037
CVE-Crit: MEDIUM
CVE-DESC: The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (null pointer dereference) via a crafted file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5038
CVE-Crit: HIGH
CVE-DESC: The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (read out of range) via a crafted string offset for .debug_str.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5039
CVE-Crit: HIGH
CVE-DESC: The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (read out of range) via a crafted object with all bits.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5040
CVE-Crit: HIGH
CVE-DESC: libdwarf to 20160923 allows remote attackers to cause a denial of service (read out of range and crash) by using a large length value in the compilation module header.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5042
CVE-Crit: HIGH
CVE-DESC: The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and failure) via a created DWARF partition.
CVE-STATUS: default
CVE-REV: Default

CVE-ID: CVE-2016-5043
CVE-Crit: HIGH
CVE-DESC: The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (read out of range and crash) via a created DWARF partition.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5044
CVE-Crit: HIGH
CVE-DESC: The WRITE_UNALIGNED function in dwarf_self_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-range writes and crashes) via a created DWARF partition.
CVE-STATUS: default
CVE-REV: Default

CVE-ID: CVE-2016-7510
CVE-Crit: MEDIUM
CVE-DESC: The read_line_table_program function in dwarf_line_table_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (read out of range) via specially crafted input.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-8680
CVE-Crit: MEDIUM
CVE-DESC: The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (read out of range) by invoking the dwarfdump command for a created file.
CVE-STATUS: default
CVE-REV: default

OSVersionArchitecturePackageVersionFilename
Cobaltanynoarchlibdwarf< 20130207UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.002

Percentile

65.0%