Bugzilla – Full Text Bug Listing
| Summary: | VUL-0: CVE-2024-31745: libdwarf: heap use-after-free via the dw_empty_errlist_item function at /libdwarf/dwarf_alloc.c | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | SMASH SMASH <smash_bz> |
| Component: | Incidents | Assignee: | Michael Matz <matz> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | camila.matos, dmueller, matz |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/402727/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2024-31745:6.6:(AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
Description
SMASH SMASH
2024-04-19 18:03:38 UTC

Package libdwarf is affected in the following codestreams:
- openSUSE:Factory

Hmm, this fell through the cracks. I'll update the factory package.

I'm fairly reluctant to change anything for the SLE version. It's so old that a version update is right out of question. The patch only touches a facility that didn't exist back then: it's a list of specially allocated error objects that were freed too early. In the old dwarf source base there is no such list at all, only a single item. Introducing that list also introduced a free-everything-in-the-list function, and _that_ is the one that accesses the already freed memory. The patch makes it so that already-freed objects are cleared from the list. None of that code exists in the old libdwarf without the static_errlist. So I think it's really not affected.

(As said, I'm going to update factory libdwarf)

Whoops, Dominique already updated libdwarf to 0.9.2, so this is fixed.
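The pattern described in the comments above, as an added C sketch that is not libdwarf's code and not the actual patch: a list of allocated error objects, an individual free that clears its list slot, and a free-everything pass that therefore never touches released memory. All names (`err_obj`, `errlist`, `err_alloc`, `err_free`, `err_free_all`) and the list size are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

#define ERRLIST_SIZE 4                /* assumed capacity for this sketch */
struct err_obj { int code; };         /* hypothetical stand-in error object */
static struct err_obj *errlist[ERRLIST_SIZE];   /* live error objects */

/* Allocate an error object and record it in the first empty slot. */
struct err_obj *err_alloc(int code)
{
    for (int i = 0; i < ERRLIST_SIZE; i++) {
        if (errlist[i] != NULL) continue;
        struct err_obj *e = malloc(sizeof *e);
        if (e != NULL) { e->code = code; errlist[i] = e; }
        return e;
    }
    return NULL;                      /* list full */
}

/* Individual free: clear the list slot first, so the free-everything pass
   never sees a pointer to memory that is already released. */
void err_free(struct err_obj *e)
{
    if (e == NULL) return;
    for (int i = 0; i < ERRLIST_SIZE; i++)
        if (errlist[i] == e) { errlist[i] = NULL; break; }
    free(e);
}

/* Free whatever is still listed; returns the number of objects freed. */
int err_free_all(void)
{
    int n = 0;
    for (int i = 0; i < ERRLIST_SIZE; i++) {
        if (errlist[i] == NULL) continue;
        free(errlist[i]);
        errlist[i] = NULL;
        n++;
    }
    return n;
}

int main(void)
{
    struct err_obj *a = err_alloc(1);
    err_alloc(2);                     /* stays listed until cleanup */
    err_free(a);                      /* freed early by the caller */
    printf("freed at cleanup: %d\n", err_free_all());
    return 0;
}
```

Building this with `-fsanitize=address` and removing the slot-clearing loop in `err_free` makes the cleanup pass report the stale access, which is a quick way to confirm whether a given source tree has the list at all.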