Vulnerability Details CVE-2016-8680
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.2%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- http://www.openwall.com/lists/oss-security/2016/10/16/4
- http://www.securityfocus.com/bid/93595
- https://blogs.gentoo.org/ago/2016/10/04/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c/
- https://bugzilla.redhat.com/show_bug.cgi?id=1385686
- https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2
- http://www.openwall.com/lists/oss-security/2016/10/16/4
- http://www.securityfocus.com/bid/93595
- https://blogs.gentoo.org/ago/2016/10/04/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c/
- https://bugzilla.redhat.com/show_bug.cgi?id=1385686
- https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2
Products affected by CVE-2016-8680
-
cpe:2.3:a:libdwarf_project:libdwarf:1999-12-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2000-06-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2000-07-25
-
cpe:2.3:a:libdwarf_project:libdwarf:2001-05-23
-
cpe:2.3:a:libdwarf_project:libdwarf:2001-06-07
-
cpe:2.3:a:libdwarf_project:libdwarf:2001-08-29
-
cpe:2.3:a:libdwarf_project:libdwarf:2002-04
-
cpe:2.3:a:libdwarf_project:libdwarf:2002-10-23
-
cpe:2.3:a:libdwarf_project:libdwarf:2002-11-22
-
cpe:2.3:a:libdwarf_project:libdwarf:2003-04-06
-
cpe:2.3:a:libdwarf_project:libdwarf:2003-10-02
-
cpe:2.3:a:libdwarf_project:libdwarf:2003-10-06
-
cpe:2.3:a:libdwarf_project:libdwarf:2003-12-30
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-01-02
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-01-15
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-02-03
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-03-15
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-05-07
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-10-11
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-10-26
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-10-27
-
cpe:2.3:a:libdwarf_project:libdwarf:2004-11-22
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-02-16
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-03-18
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-05-03
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-07-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-07-22
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-08-01
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-10-03
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-10-24
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-11-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-11-28
-
cpe:2.3:a:libdwarf_project:libdwarf:2005-12-01
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-02-24
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-03-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-03-17
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-03-24
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-03-27
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-04-18
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-04-19
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-04-21
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-06-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-06-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-09-25
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-11-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2006-12-06
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-02-09
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-02-20
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-02-23
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-04-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-05-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-05-25
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-07-01
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-07-02
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-07-03
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-09-04
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-10-15
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-10-16
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-12-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2007-12-09
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-01-25
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-02-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-02-28
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-04-09
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-06-13
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-06-15
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-08-18
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-09-29
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-10-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-10-13
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-11-19
-
cpe:2.3:a:libdwarf_project:libdwarf:2008-12-31
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-02-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-02-16
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-02-17
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-03-24
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-03-30
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-05-10
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-06-22
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-07-10
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-07-16
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-10-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-11-18
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-12-26
-
cpe:2.3:a:libdwarf_project:libdwarf:2009-12-30
-
cpe:2.3:a:libdwarf_project:libdwarf:2010-02-04
-
cpe:2.3:a:libdwarf_project:libdwarf:2010-02-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2010-03-28
-
cpe:2.3:a:libdwarf_project:libdwarf:2010-04-04
-
cpe:2.3:a:libdwarf_project:libdwarf:2010-06-29
-
cpe:2.3:a:libdwarf_project:libdwarf:2010-08-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2010-09-30
-
cpe:2.3:a:libdwarf_project:libdwarf:2011-01-13
-
cpe:2.3:a:libdwarf_project:libdwarf:2011-06-05
-
cpe:2.3:a:libdwarf_project:libdwarf:2011-06-07
-
cpe:2.3:a:libdwarf_project:libdwarf:2011-06-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2011-09-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2011-10-09
-
cpe:2.3:a:libdwarf_project:libdwarf:2011-10-30
-
cpe:2.3:a:libdwarf_project:libdwarf:2011-12-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2012-04-10
-
cpe:2.3:a:libdwarf_project:libdwarf:2012-11-27
-
cpe:2.3:a:libdwarf_project:libdwarf:2012-11-30
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-01-20
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-01-25
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-01-26
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-01-28
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-02-01
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-02-07
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-03-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-06-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-07-28
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-07-29
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-08-07
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-08-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-08-09
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-08-13
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-08-15
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-10-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-10-17
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-10-31
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-11-24
-
cpe:2.3:a:libdwarf_project:libdwarf:2013-12-26
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-01-10
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-01-29
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-01-30
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-01-31
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-02-01
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-02-02
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-02-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-03-17
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-04-02
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-04-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-04-13
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-04-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-05-08
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-05-09
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-05-11
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-05-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-05-17
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-05-18
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-05-19
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-06-28
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-06-29
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-06-30
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-07-01
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-07-03
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-07-05
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-07-09
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-07-10
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-07-11
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-07-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-08-02
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-08-04
-
cpe:2.3:a:libdwarf_project:libdwarf:2014-08-05
-
cpe:2.3:a:libdwarf_project:libdwarf:2015-01-12
-
cpe:2.3:a:libdwarf_project:libdwarf:2015-01-15
-
cpe:2.3:a:libdwarf_project:libdwarf:2015-03-10
-
cpe:2.3:a:libdwarf_project:libdwarf:2015-05-07
-
cpe:2.3:a:libdwarf_project:libdwarf:2015-09-13
-
cpe:2.3:a:libdwarf_project:libdwarf:2015-09-15
-
cpe:2.3:a:libdwarf_project:libdwarf:2015-11-14
-
cpe:2.3:a:libdwarf_project:libdwarf:2016-01-15
-
cpe:2.3:a:libdwarf_project:libdwarf:2016-05-07
-
cpe:2.3:a:libdwarf_project:libdwarf:2016-06-13
-
cpe:2.3:a:libdwarf_project:libdwarf:2016-09-22
-
cpe:2.3:a:libdwarf_project:libdwarf:2016-09-23
-
cpe:2.3:a:libdwarf_project:libdwarf:2016-09-29
-
cpe:2.3:a:libdwarf_project:libdwarf:2016-10-01