Skip to main content

Libdwarf CVE-2016-9480

CRITICAL
Buffer Overflow (CWE-119)
2016-11-29 cve@mitre.org
9.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 29, 2016 - 23:59 cve.org
CRITICAL 9.1

DescriptionCVE.org

libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006.

AnalysisAI

libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read". Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006. Affected products include: Libdwarf Project Libdwarf.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2016-9558 CRITICAL POC
9.8 Feb 28

(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have uns

CVE-2022-34299 HIGH POC
8.1 Jun 23

There is a heap-based buffer over-read in libdwarf 0.4.0. Rated high severity (CVSS 8.1), this vulnerability is remotely

CVE-2016-5042 HIGH POC
7.5 Feb 17

The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (in

CVE-2022-32200 HIGH POC
7.8 Jun 02

libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. Rated high severity (CVSS

CVE-2016-5044 HIGH POC
7.5 Feb 17

The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial

CVE-2016-5043 HIGH POC
7.5 Feb 17

The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-boun

CVE-2016-5040 HIGH POC
7.5 Feb 17

libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large

CVE-2016-5039 HIGH POC
7.5 Feb 17

The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bou

CVE-2016-5038 HIGH POC
7.5 Feb 17

The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to caus

CVE-2016-5036 HIGH POC
7.5 Feb 17

The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of ser

CVE-2016-5041 HIGH POC
7.5 Apr 10

dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereferenc

CVE-2016-8680 MEDIUM POC
6.5 Feb 15

The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to caus

Share

CVE-2016-9480 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy