CVE-2015-3239

NameCVE-2015-3239
DescriptionOff-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-271-1
Debian Bugs790830, 849346

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
android-platform-external-libunwind (PTS)bookworm, bullseye, sid10.0.0+r36-4fixed
libunwind (PTS)bullseye1.3.2-2fixed
bookworm1.6.2-3fixed
trixie1.6.2-3.1fixed
sid1.7.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
android-platform-external-libunwindsource(unstable)7.0.0+r1-4849346
libunwindsourcesqueeze0.99-0.2+deb6u1DLA-271-1
libunwindsource(unstable)1.1-4low790830

Notes

[jessie] - libunwind <no-dsa> (Minor issue)
[wheezy] - libunwind <no-dsa> (Minor issue)
http://savannah.nongnu.org/bugs/?45276 (private bug)
http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1
Search for package or bug name: Reporting problems