CVE-2015-3239

NameCVE-2015-3239
DescriptionOff-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-271-1
NVD severitylow (attack range: local)
Debian Bugs790830, 849346

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
android-platform-external-libunwind (PTS)buster, sid, stretch7.0.0+r1-4fixed
libunwind (PTS)wheezy0.99-0.3vulnerable
jessie1.1-3.2vulnerable
buster, sid, stretch1.1-4.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
android-platform-external-libunwindsource(unstable)7.0.0+r1-4low849346
libunwindsource(unstable)1.1-4low790830
libunwindsourcesqueeze0.99-0.2+deb6u1lowDLA-271-1

Notes

[jessie] - libunwind <no-dsa> (Minor issue)
[wheezy] - libunwind <no-dsa> (Minor issue)
http://savannah.nongnu.org/bugs/?45276 (private bug)
http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1

Search for package or bug name: Reporting problems