CVE-2022-39170

Published: Sep 2, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.

Affected (2)

Products: Libdwarf Project: Libdwarf · Fedoraproject: Fedora

Libdwarf Project

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libdwarf Project Libdwarf	Version 0.4.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 37

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (6)

https://github.com/davea42/libdwarf-code/commit/60303eb80ecc7747bf29776d545e2a5c5a76f6f8

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/davea42/libdwarf-code/issues/132

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IKUE4XT62AEZ3H5D6GMREYOSCMMRFXBH/

Source: cve@mitre.org

https://github.com/davea42/libdwarf-code/commit/60303eb80ecc7747bf29776d545e2a5c5a76f6f8

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/davea42/libdwarf-code/issues/132

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IKUE4XT62AEZ3H5D6GMREYOSCMMRFXBH/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.