CVE-2015-3239

NameCVE-2015-3239
DescriptionOff-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-271-1
Debian Bugs790830, 849346

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
android-platform-external-libunwind (PTS)buster8.1.0+r23-2fixed
sid, bookworm, bullseye10.0.0+r36-4fixed
libunwind (PTS)buster1.2.1-10~deb10u1fixed
bullseye1.3.2-2fixed
sid, trixie, bookworm1.6.2-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
android-platform-external-libunwindsource(unstable)7.0.0+r1-4849346
libunwindsourcesqueeze0.99-0.2+deb6u1DLA-271-1
libunwindsource(unstable)1.1-4low790830

Notes

[jessie] - libunwind <no-dsa> (Minor issue)
[wheezy] - libunwind <no-dsa> (Minor issue)
http://savannah.nongnu.org/bugs/?45276 (private bug)
http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1
Search for package or bug name: Reporting problems