CVE-2019-14249 — Divide By Zero in Project Libdwarf

CWE-369 — Divide By Zero10 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 35.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libdwarf Project Libdwarf

Timeline

PublishedJul 24

Latest updateMay 24

Description

dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDlibdwarf_project/libdwarf< 2019-07-05

▶Alpinelibdwarf_project/libdwarf< 0.6.0-r0+5

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-vwmg-hgqp-857p: dwarf_elf_load_headers↗2022-05-24

▶

OSV

CVE-2019-14249: dwarf_elf_load_headers↗2019-07-24

▶

CVEList

CVE-2019-14249: dwarf_elf_load_headers↗2019-07-24

▶

📋Vendor Advisories

Red Hat

libdwarf: division by zero in dwarf_elf_load_headers.c leading to DoS↗2019-07-24

▶

Microsoft

dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service↗2019-07-09

▶

Debian

CVE-2019-14249: dwarfutils - dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause...↗2019

▶

💬Community

Bugzilla

CVE-2019-14249 libdwarf: division by zero in dwarf_elf_load_headers.c leading to DoS [epel-6]↗2019-07-24

▶

Bugzilla

CVE-2019-14249 libdwarf: division by zero in dwarf_elf_load_headers.c leading to DoS↗2019-07-24

▶

Bugzilla

CVE-2019-14249 libdwarf: division by zero in dwarf_elf_load_headers.c leading to DoS [fedora-all]↗2019-07-24

▶