CVE-2016-8680

Published: 15/02/2017 Updated: 01/03/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and previous versions allows remote malicious users to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.

Vulnerable Product

libdwarf project libdwarf

Vendor Advisories

Debian Bug report logs - #840958 dwarfutils: CVE-2016-8679: heap-based buffer overflow in _dwarf_get_size_of_val Package: src:dwarfutils; Maintainer for src:dwarfutils is Fabian Wolff <fabiwolff@arcor.de>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 16 Oct 2016 13:12:01 UTC Severity: important T ...
Debian Bug report logs - #840960 dwarfutils: CVE-2016-8680: heap-based buffer overflow in _dwarf_get_abbrev_for_code Package: src:dwarfutils; Maintainer for src:dwarfutils is Fabian Wolff <fabiwolff@arcor.de>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 16 Oct 2016 13:12:07 UTC Severity: importa ...
Debian Bug report logs - #840961 dwarfutils: CVE-2016-8681: heap-based buffer overflow in _dwarf_get_abbrev_for_code second one Package: src:dwarfutils; Maintainer for src:dwarfutils is Fabian Wolff <fabiwolff@arcor.de>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 16 Oct 2016 13:12:09 UTC Severi ...
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file ...
An out of bounds heap read vulnerability was found in _dwarf_get_abbrev_for_code triggered by invoking dwarfdump command on crafted file ...