Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 620
Alerts This Week
Warning Icon 1 620

Arch Linux ASA-201510-1 Low Risk: Libunwind Denial Of Service

Archlinux Large Esm H446
The package libunwind before version 1.1-3 is vulnerable to denial of service due to an off-by-one error.
Arch Linux Security Advisory ASA-201510-1
========================================
Severity: Low
Date    : 2015-10-05
CVE-ID  : CVE-2015-3239
Package : libunwind
Type    : denial of service
Remote  : No
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package libunwind before version 1.1-3 is vulnerable to denial of service 
due to an off-by-one error.

Resolution
=========
Upgrade to 1.1-3.

# pacman -Syu "libunwind>=1.1-3"

Workaround
=========
None.

Description
==========
- CVE-2015-3239 (Unspecified Impact):

Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in
libunwind 1.1 allows local users to have unspecified impact via invalid dwarf
opcodes.

Impact
=====
An attacker could crash the library.

References
=========
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3239
https://bugzilla.redhat.com/show_bug.cgi?id=1232265
https://bugs.archlinux.org/task/46474