CVE-2017-9998Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Libdwarf

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.6%
top 31.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libdwarf Project Libdwarf
Timeline
PublishedJun 28
Latest updateMay 13

Description

The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDlibdwarf_project/libdwarf1999-12-142017-06-28

🔴Vulnerability Details

3
GHSA
GHSA-26jh-3pw8-9r3f: The _dwarf_decode_s_leb128_chk function in dwarf_leb2022-05-13
CVEList
CVE-2017-9998: The _dwarf_decode_s_leb128_chk function in dwarf_leb2017-06-28
OSV
CVE-2017-9998: The _dwarf_decode_s_leb128_chk function in dwarf_leb2017-06-28

📋Vendor Advisories

2
Red Hat
libdwarf: Segmentation fault in the _dwarf_decode_s_leb128_chk function2017-06-28
Debian
CVE-2017-9998: dwarfutils - The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-...2017

💬Community

3
Bugzilla
CVE-2017-9998 libdwarf: Segmentation fault in the _dwarf_decode_s_leb128_chk function [fedora-all]2017-07-12
Bugzilla
CVE-2017-9998 libdwarf: Segmentation fault in the _dwarf_decode_s_leb128_chk function2017-07-12
Bugzilla
CVE-2017-9998 libdwarf: Segmentation fault in the _dwarf_decode_s_leb128_chk function [epel-6]2017-07-12
CVE-2017-9998 — Libdwarf Project Libdwarf vulnerability | cvebase