Bug 1200291 (CVE-2022-32200) - VUL-0: CVE-2022-32200: libdwarf: heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.
Status: RESOLVED FIXED
Alias: CVE-2022-32200
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/333353/
Reported: 2022-06-07 14:28 UTC by Thomas Leroy
Modified: 2024-04-19 11:20 UTC

Found By: Security Response Team


Comment 1 Thomas Leroy 2022-06-07 14:29:49 UTC
@Michael I have a doubt here, is libdwarf still maintained?
Comment 2 Thomas Leroy 2022-06-07 14:57:27 UTC
SUSE codestreams are not affected. I only got an ASan crash on openSUSE:Factory.
Comment 3 Michael Matz 2022-06-07 15:23:07 UTC
I wouldn't really call it maintained.  It got into SLE "just because", and it didn't see proper updates since 2017.  That said, if you can show a problem I'm willing to ponder a backport (not a version update, though), for the SLE codestreams.  For Factory it would be Dirk bugowning this thing.
Comment 4 Thomas Leroy 2022-06-07 15:33:16 UTC
(In reply to Michael Matz from comment #3)
> I wouldn't really call it maintained.  It got into SLE "just because", and
> it didn't see proper updates since 2017.  That said, if you can show a
> problem I'm willing to ponder a backport (not a version update, though), for
> the SLE codestreams.  For Factory it would be Dirk bugowning this thing.

Thanks for the explanations. For this bug particularly, nothing to do for SLE codestreams. Like for the other toolchain tools, it's very unlikely that we will get an RCE without user interaction, but we might get LTSS worthy bugs...
Comment 5 Dirk Mueller 2022-06-07 16:25:02 UTC
submitted to factory.
Comment 6 OBSbugzilla Bot 2022-06-07 18:40:03 UTC
This is an autogenerated message for OBS integration:
This bug (1200291) was mentioned in
https://build.opensuse.org/request/show/981183 Factory / libdwarf
Comment 7 Robert Frohl 2024-04-19 11:20:00 UTC
closing