Vulnerability Description
The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libdwarf Project | Libdwarf | >= 1999-12-14, <= 2017-06-28 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/99310Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1465756ExploitIssue TrackingThird Party Advisory
- http://www.securityfocus.com/bid/99310Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1465756ExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2017-9998?
CVE-2017-9998 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
How severe is CVE-2017-9998?
CVE-2017-9998 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9998?
Check the references section above for vendor advisories and patch information. Affected products include: Libdwarf Project Libdwarf.