Libdwarf
CVE-2016-2091
LOW
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file.
AnalysisAI
The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file. Affected products include: Libdwarf Project Libdwarf.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have uns
There is a heap-based buffer over-read in libdwarf 0.4.0. Rated high severity (CVSS 8.1), this vulnerability is remotely
The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (in
libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. Rated high severity (CVSS
The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial
The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-boun
libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large
The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bou
The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to caus
The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of ser
dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereferenc
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to caus
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today