Source: libelfin
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for libelfin.

CVE-2020-24821[0]:
| A vulnerability in the dwarf::cursor::skip_form function of Libelfin
| v0.3 allows attackers to cause a denial of service (DOS) through a
| segmentation fault via a crafted ELF file.

https://github.com/aclements/libelfin/issues/52
https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc191

CVE-2020-24822[1]:
| A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3
| allows attackers to cause a denial of service (DOS) through a
| segmentation fault via a crafted ELF file.

https://github.com/aclements/libelfin/issues/50
https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursoruleb128-at-dwarfinternalhh154

CVE-2020-24823[2]:
| A vulnerability in the dwarf::to_string function of Libelfin v0.3
| allows attackers to cause a denial of service (DOS) through a
| segmentation fault via a crafted ELF file.

https://github.com/aclements/libelfin/issues/51
https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfto_string-at-dwarfvaluecc300

CVE-2020-24824[3]:
| A global buffer overflow issue in the dwarf::line_table::line_table
| function of Libelfin v0.3 allows attackers to cause a denial of
| service (DOS).

https://github.com/aclements/libelfin/issues/48
https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#global-buffer-overflow-in-function-dwarfline_tableline_table-at-dwarflinecc107

CVE-2020-24825[4]:
| A vulnerability in the line_table::line_table function of Libelfin
| v0.3 allows attackers to cause a denial of service (DOS) through a
| segmentation fault via a crafted ELF file.

https://github.com/aclements/libelfin/issues/46
https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-line_tableline_table-at-dwarflinecc104

CVE-2020-24826[5]:
| A vulnerability in the elf::section::as_strtab function of Libelfin
| v0.3 allows attackers to cause a denial of service (DOS) through a
| segmentation fault via a crafted ELF file.

https://github.com/aclements/libelfin/issues/49
https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-elfsectionas_strtab-at-elfelfcc284

CVE-2020-24827[6]:
| A vulnerability in the dwarf::cursor::skip_form function of Libelfin
| v0.3 allows attackers to cause a denial of service (DOS) through a
| segmentation fault via a crafted ELF file.

https://github.com/aclements/libelfin/issues/47
https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc181

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-24821
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24821
[1] https://security-tracker.debian.org/tracker/CVE-2020-24822
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24822
[2] https://security-tracker.debian.org/tracker/CVE-2020-24823
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24823
[3] https://security-tracker.debian.org/tracker/CVE-2020-24824
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24824
[4] https://security-tracker.debian.org/tracker/CVE-2020-24825
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24825
[5] https://security-tracker.debian.org/tracker/CVE-2020-24826
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24826
[6] https://security-tracker.debian.org/tracker/CVE-2020-24827
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24827

Please adjust the affected versions in the BTS as needed.
