CVE-2016-9276

NameCVE-2016-9276
DescriptionThe dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs844011

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
dwarfutils (PTS)jessie20120410-2+deb8u1vulnerable
stretch20161124-1+deb9u1fixed
buster, bullseye, sid20180809-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
dwarfutilssource(unstable)20161124-1medium844011

Notes

[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/
https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c
Same commit as for CVE-2016-9275. Needs the dwarf_arange.c part of the commit.

Search for package or bug name: Reporting problems