Bug 1009972 (CVE-2016-9275) - VUL-1: CVE-2016-9275, CVE-2016-9276: libdwarf: buffer over-read in dwarf_get_aranges_list, heap-based buffer overflow in _dwarf_get_size_of_val
Status: RESOLVED FIXED
Alias: CVE-2016-9275
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/176294/
Whiteboard: CVSSv2:SUSE:CVE-2016-9275:4.4:(AV:L/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-11-14 10:34 UTC by Johannes Segitz
Modified: 2024-05-06 12:44 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Comment 1 Swamp Workflow Management 2016-11-14 23:00:16 UTC
bugbot adjusting priority
Comment 2 Michael Matz 2023-07-03 15:18:48 UTC
The version update back in 2017 fixed this bug.  Package changelog entry for that
was:

Mon Jan  2 12:53:22 UTC 2017 - dmueller@suse.com

- update to 20161124 (bsc#1012823, bsc#1001133,
  CVE-2016-9480, CVE-2016-7410, CVE-2016-7511, CVE-2016-5028,
  CVE-2016-5029, CVE-2016-5030, CVE-2016-5031, CVE-2016-5032,
  CVE-2016-5033, CVE-2016-5034, CVE-2016-5035, CVE-2016-5036,
  CVE-2016-5037, CVE-2016-5038, CVE-2016-5039, CVE-2016-5040,
  CVE-2016-5041, CVE-2016-5042, CVE-2016-5043, CVE-2016-5044 ):
  * removes libdwarf-fix-parallel-build.diff
- use shared library policy, main package removed and libdwarf1 added

So, it merely failed to mention this bug report and the two associated CVE numbers.
Assigning to sec team to close this.