Main Vulnerability Database SB2023070539

SB2023070539 - Denial of service in libdwarf

Published: July 5, 2023

Security Bulletin ID SB2023070539

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2020-27545)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a one-byte out-of-bounds read. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2025694
https://sourceforge.net/projects/libdwarf/
https://github.com/davea42/libdwarf-code/commit/95f634808c01f1c61bbec56ed2395af997f397ea
http://web.archive.org/web/20190601140703/
https://www.prevanders.net/dwarfbug.html#DW202010-001