CVE-2020-28163

Published: Apr 16, 2023Modified: Feb 6, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.

Affected (1)

Products: Libdwarf Project: Libdwarf

Libdwarf Project

1 product

Libdwarf

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libdwarf Project Libdwarf	Before 2020-12-01

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (8)

http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/

Source: cve@mitre.org

Product

https://bugzilla.redhat.com/show_bug.cgi?id=2026000

Source: cve@mitre.org

Issue TrackingPermissions RequiredThird Party Advisory

https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3

Source: cve@mitre.org

Patch

https://www.prevanders.net/dwarfbug.html#DW202010-003

Source: cve@mitre.org

Third Party Advisory

http://web.archive.org/web/20190601140703/https://sourceforge.net/projects/libdwarf/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://bugzilla.redhat.com/show_bug.cgi?id=2026000

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions RequiredThird Party Advisory

https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://www.prevanders.net/dwarfbug.html#DW202010-003

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.