CVE-2024-2002

Published: Mar 18, 2024Modified: Apr 9, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: secalert@redhat.com (Secondary)

Description

A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.

Affected (4)

Products: Libdwarf Project: Libdwarf · Redhat: Enterprise Linux · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libdwarf Project Libdwarf	From 0.1.0 to 0.9.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 40

Related CWEs

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (7)

https://access.redhat.com/security/cve/CVE-2024-2002

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2267700

Source: secalert@redhat.com

Issue Tracking

https://github.com/davea42/libdwarf-code/blob/main/bugxml/data.txt

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/security/cve/CVE-2024-2002

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2267700

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://github.com/davea42/libdwarf-code/blob/main/bugxml/data.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGPVLSPIXR32J6FOAFTTIMYTUUXJICGW/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

Timeline

No history available yet.