CVE-2022-39170 libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.
If you have a shared library loaded at run time, this may result in a crash and a denial of service.
CVE ID: CVE-2017-7584. A double free bug was found in libdwarf 0.4.1. If you have a shared library loaded at run time, this may result in a crash and a denial of service.
CVE ID: CVE-2017-7585. A double free bug was found in libdwarf 0.4.1. If you have a shared library loaded at run time, this may result in a crash and a denial of service.
CVE ID: CVE-2017-7586. A double free bug was found in libdwarf 0.4.1. If you have a shared library loaded at run time, this may result in a crash and a denial of service.
CVE ID: CVE-2017-7587. A double free bug was found in libdwarf 0.4.1. If you have a shared library loaded at run time, this may result in a crash and a denial of service.
CVE ID: CVE-2017-7588. A double free bug was found in libdwarf 0.4.1. If you have a shared library loaded at run time, this may result in a crash and a denial of service.
CVE ID: CVE-2017-7589. A double free bug was found in libdwarf
As we have already mentioned, the libdwarf library is vulnerable to a double free bug. If you have a shared library loaded at run time, this may result in a crash and a denial of service.
How to upgrade your software
To mitigate this vulnerability, recompile libdwarf with the latest version of the compiler and run the following command:
./configure --disable-debug --disable-optimization --enable-threads=posix
Timeline
Published on: 09/02/2022 03:15:00 UTC
Last modified on: 09/18/2022 02:15:00 UTC
References
- https://github.com/davea42/libdwarf-code/commit/60303eb80ecc7747bf29776d545e2a5c5a76f6f8
- https://github.com/davea42/libdwarf-code/issues/132
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IKUE4XT62AEZ3H5D6GMREYOSCMMRFXBH/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39170