Record count: 142
-Record count: 143
+id: DW202305-003 +
+cve: +
+fuzzer: ossfuzz id: 59091 +
+datereported: 2023-05-19 +
+reportedby: David Korczynski +
+vulnerability: Incorrect section bound check +
+product: libdwarf +
+description: A fuzzed line table in the non-standard + (experimental) two-level line table format + exposed a failure as the test was v > sectionend + whereas it has to be v >= sectionend as end pointers + are always one-past the end of the area. + This was incorrect since the experimental table support + was added in 2021. +
+datefixed: 2023-05-19 +
+references: regressiontest/ossfuzz59091/fuzz_macro_dwarf5-5135813562990592 +
+gitfixid: 4017ab8b92195641e6876b388cebe2d3307634f5 +
+tarrelease: +
+ +id: DW202305-002
cve: @@ -84,7 +116,7 @@
tarrelease:
-id: DW202305-001
cve: @@ -118,7 +150,7 @@
tarrelease:
-id: DW202304-004
cve: @@ -153,7 +185,7 @@
tarrelease:
-id: DW202304-003
cve: @@ -188,7 +220,7 @@
tarrelease:
-id: DW202304-002
cve: @@ -219,7 +251,7 @@
tarrelease:
-id: DW202304-001
cve: @@ -254,7 +286,7 @@
tarrelease:
-id: DW202303-059
cve: @@ -286,7 +318,7 @@
tarrelease:
-id: DW202303-058
cve: @@ -317,7 +349,7 @@
tarrelease:
-id: DW202303-057
cve: @@ -350,7 +382,7 @@
tarrelease:
-id: DW202303-056
cve: @@ -387,7 +419,7 @@
tarrelease:
-id: DW202303-055
cve: @@ -414,7 +446,7 @@
tarrelease:
-id: DW202303-054
cve: @@ -442,7 +474,7 @@
tarrelease:
-id: DW202303-053
cve: @@ -472,7 +504,7 @@
tarrelease:
-id: DW202303-052
cve: @@ -503,7 +535,7 @@
tarrelease:
-id: DW202303-051
cve: @@ -534,7 +566,7 @@
tarrelease:
-id: DW202303-050
cve: @@ -564,7 +596,7 @@
tarrelease:
-id: DW202303-049
cve: @@ -595,7 +627,7 @@
tarrelease:
-id: DW202303-048
cve: @@ -627,7 +659,7 @@
tarrelease:
-id: DW202303-047
cve: @@ -660,7 +692,7 @@
tarrelease:
-id: DW202303-046
cve: @@ -690,7 +722,7 @@
tarrelease:
-id: DW202303-045
cve: @@ -724,7 +756,7 @@
tarrelease:
-id: DW202303-044
cve: @@ -759,7 +791,7 @@
tarrelease:
-id: DW202303-043
cve: @@ -789,7 +821,7 @@
tarrelease:
-id: DW202303-042
cve: @@ -822,7 +854,7 @@
tarrelease:
-id: DW202303-041
cve: @@ -851,7 +883,7 @@
tarrelease:
-id: DW202303-040
cve: @@ -882,7 +914,7 @@
tarrelease:
-id: DW202303-039
cve: @@ -918,7 +950,7 @@
tarrelease:
-id: DW202303-038
cve: @@ -949,7 +981,7 @@
tarrelease:
-id: DW202303-037
cve: @@ -977,7 +1009,7 @@
tarrelease:
-id: DW202303-036
cve: @@ -1008,7 +1040,7 @@
tarrelease:
-id: DW202303-035
cve: @@ -1036,7 +1068,7 @@
tarrelease:
-id: DW202303-034
cve: @@ -1071,7 +1103,7 @@
tarrelease:
-id: DW202303-033
cve: @@ -1103,7 +1135,7 @@
tarrelease:
-id: DW202303-032
cve: @@ -1137,7 +1169,7 @@
tarrelease:
-id: DW202303-031
cve: @@ -1167,7 +1199,7 @@
tarrelease:
-id: DW202303-030
cve: @@ -1198,7 +1230,7 @@
tarrelease:
-id: DW202303-029
cve: @@ -1228,7 +1260,7 @@
tarrelease:
-id: DW202303-028
cve: @@ -1256,7 +1288,7 @@
tarrelease:
-id: DW202303-027
cve: @@ -1283,7 +1315,7 @@
tarrelease:
-id: DW202303-026
cve: @@ -1312,7 +1344,7 @@
tarrelease:
-id: DW202303-025
cve: @@ -1343,7 +1375,7 @@
tarrelease:
-id: DW202303-024
cve: @@ -1373,7 +1405,7 @@
tarrelease:
-id: DW202303-023
cve: @@ -1406,7 +1438,7 @@
tarrelease:
-id: DW202303-022
cve: @@ -1434,7 +1466,7 @@
tarrelease:
-id: DW202303-021
cve: @@ -1462,7 +1494,7 @@
tarrelease:
-id: DW202303-020
cve: @@ -1492,7 +1524,7 @@
tarrelease:
-id: DW202303-019
cve: @@ -1520,7 +1552,7 @@
tarrelease:
-id: DW202303-018
cve: @@ -1550,7 +1582,7 @@
tarrelease:
-id: DW202303-017
cve: @@ -1578,7 +1610,7 @@
tarrelease:
-id: DW202303-016
cve: @@ -1607,7 +1639,7 @@
tarrelease:
-id: DW202303-015
cve: @@ -1636,7 +1668,7 @@
tarrelease:
-id: DW202303-014
cve: @@ -1665,7 +1697,7 @@
tarrelease:
-id: DW202303-013
cve: @@ -1694,7 +1726,7 @@
tarrelease:
-id: DW202303-012
cve: @@ -1724,7 +1756,7 @@
tarrelease:
-id: DW202303-011
cve: @@ -1755,7 +1787,7 @@
tarrelease:
-id: DW202303-010
cve: @@ -1787,7 +1819,7 @@
tarrelease:
-id: DW202303-009
cve: @@ -1818,7 +1850,7 @@
tarrelease:
-id: DW202303-008
cve: @@ -1848,7 +1880,7 @@
tarrelease:
-id: DW202303-007
cve: @@ -1875,7 +1907,7 @@
tarrelease:
-id: DW202303-006
cve: @@ -1905,7 +1937,7 @@
tarrelease:
-id: DW202303-005
cve: @@ -1932,7 +1964,7 @@
tarrelease:
-id: DW202303-004
cve: @@ -1960,7 +1992,7 @@
tarrelease:
-id: DW202303-003
cve: @@ -1990,7 +2022,7 @@
tarrelease:
-id: DW202303-002
cve: @@ -2021,7 +2053,7 @@
tarrelease:
-id: DW202303-001
cve: @@ -2050,7 +2082,7 @@
tarrelease:
-id: DW202301-001
cve: @@ -2079,7 +2111,7 @@
tarrelease: libdwarf-0.6.0.tar.xz
-id: DW202212-001
cve: @@ -2121,7 +2153,7 @@
tarrelease: libdwarf-0.6.0.tar.xz
-id: DW202208-001
cve: @@ -2154,7 +2186,7 @@
tarrelease: libdwarf-0.5.0.tar.xz
-id: DW202207-001
cve: @@ -2187,7 +2219,7 @@
tarrelease: libdwarf-0.5.0.tar.xz
-id: DW202206-001
cve: @@ -2220,7 +2252,7 @@
tarrelease: libdwarf-0.4.1.tar.xz
-id: DW202205-001
cve: @@ -2252,7 +2284,7 @@
tarrelease: libdwarf-0.4.1.tar.xz
-id: DW202111-016
cve: @@ -2287,7 +2319,7 @@
tarrelease: libdwarf-0.4.1.tar.xz
-id: DW202111-015
cve: @@ -2319,7 +2351,7 @@
tarrelease: libdwarf-0.4.1.tar.xz
-id: DW202111-014
cve: @@ -2350,7 +2382,7 @@
tarrelease: libdwarf-0.4.1.tar.xz
-id: DW202111-013
cve: @@ -2383,7 +2415,7 @@
tarrelease: libdwarf-0.4.1.tar.xz
-id: DW202111-012
cve: @@ -2413,7 +2445,7 @@
tarrelease: libdwarf-0.4.1.tar.xz
-id: DW202111-011
cve: @@ -2446,7 +2478,7 @@
tarrelease: libdwarf-0.4.1.tar.xz
-id: DW202111-010
cve: @@ -2477,7 +2509,7 @@
tarrelease: libdwarf-0.4.1.tar.xz
-id: DW202111-009
cve: @@ -2511,7 +2543,7 @@
tarrelease: libdwarf-0.4.1.tar.xz
-id: DW202111-008
cve: @@ -2541,7 +2573,7 @@
tarrelease: libdwarf-0.4.1.tar.xz
-id: DW202111-005
cve: @@ -2571,7 +2603,7 @@
tarrelease: libdwarf-0.4.1.tar.xz
-id: DW202111-004
cve: @@ -2602,7 +2634,7 @@
tarrelease: libdwarf-0.4.1.tar.xz
-id: DW202111-003
cve: @@ -2637,7 +2669,7 @@
tarrelease: libdwarf-0.4.1.tar.xz
-id: DW202111-002
cve: @@ -2672,7 +2704,7 @@
tarrelease: libdwarf-0.4.1.tar.xz
-id: DW202111-001
cve: @@ -2708,7 +2740,7 @@
tarrelease: libdwarf-0.4.1.tar.xz
-id: DW202010-003
cve: CVE-2020-28163 @@ -2746,7 +2778,7 @@
tarrelease:
-id: DW202010-002
cve: CVE-2020-28162 @@ -2789,7 +2821,7 @@
tarrelease:
-id: DW202010-001
cve: CVE-2020-27545 @@ -2829,7 +2861,7 @@
tarrelease:
-id: DW201907-001
cve: CVE-2019-14249 @@ -2854,7 +2886,7 @@
tarrelease: libdwarf-0.4.1.tar.xz
-id: DW201801-001
cve: @@ -2886,7 +2918,7 @@
tarrelease: libdwarf-20180129.tar.gz
-id: DW201712-001
cve: @@ -2919,7 +2951,7 @@
tarrelease:
-id: DW201711-002
cve: @@ -2950,7 +2982,7 @@
tarrelease:
-id: DW201711-001
cve: @@ -2982,7 +3014,7 @@
tarrelease:
-id: DW201709-001
cve: @@ -3011,7 +3043,7 @@
tarrelease:
-id: DW201706-001
cve: CVE-2017-9998 @@ -3048,7 +3080,7 @@
tarrelease:
-id: DW201703-007
cve: @@ -3099,7 +3131,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201703-006
cve: CVE-2017-9052 @@ -3146,7 +3178,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201703-005
cve: CVE-2017-9053 @@ -3194,7 +3226,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201703-004
cve: @@ -3245,7 +3277,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201703-003
cve: @@ -3298,7 +3330,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201703-002
cve: CVE-2017-9054 @@ -3349,7 +3381,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201703-001
cve: CVE-2017-9055 @@ -3400,7 +3432,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201611-008
cve: CVE-2016-10254 @@ -3434,7 +3466,7 @@
tarrelease:
-id: DW201611-007
cve: CVE-2016-10255 @@ -3469,7 +3501,7 @@
tarrelease:
-id: DW201611-006
cve: CVE-2016-9480 @@ -3533,7 +3565,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201611-005
cve: CVE-2016-9558 @@ -3562,7 +3594,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201611-004
cve: CVE-2016-9275 @@ -3592,7 +3624,7 @@
tarrelease:
-id: DW201611-003
cve: CVE-2016-9276 @@ -3621,7 +3653,7 @@
tarrelease: libdwarf-20170416.tar.gz
-id: DW201611-002
cve: @@ -3660,7 +3692,7 @@
tarrelease: libdwarf-20170416.tar.gz
-id: DW201611-001
cve: @@ -3699,7 +3731,7 @@
tarrelease: libdwarf-20170416.tar.gz
-id: DW201610-003
cve: CVE-2016-8679 @@ -3733,7 +3765,7 @@
tarrelease:
-id: DW201610-002
cve: CVE-2016-8680 @@ -3766,7 +3798,7 @@
tarrelease:
-id: DW201610-001
cve: CVE-2016-8681 @@ -3799,7 +3831,7 @@
tarrelease:
-id: DW201609-004
cve: CVE-2016-7510 @@ -3842,7 +3874,7 @@
tarrelease: libdwarf-20160923.tar.gz
-id: DW201609-003
cve: CVE-2016-7410 @@ -3904,7 +3936,7 @@
tarrelease: libdwarf-20160923.tar.gz
-id: DW201609-002
cve: CVE-2016-7511 @@ -3948,7 +3980,7 @@
tarrelease: libdwarf-20160923.tar.gz
-id: DW201609-001
cve: @@ -4001,7 +4033,7 @@
tarrelease: libdwarf-20160923.tar.gz
-id: DW201605-020
cve: CVE-2016-5027 @@ -4040,7 +4072,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201605-019
cve: CVE-2016-5028 @@ -4070,7 +4102,7 @@
tarrelease: libdwarf-20160923.tar.gz
-id: DW201605-018
cve: CVE-2016-5029 @@ -4119,7 +4151,7 @@
tarrelease: libdwarf-20160923.tar.gz
-id: DW201605-017
cve: CVE-2016-5030 @@ -4180,7 +4212,7 @@
tarrelease: libdwarf-20160923.tar.gz
-id: DW201605-016
cve: @@ -4237,7 +4269,7 @@
tarrelease: libdwarf-20160923.tar.gz
-id: DW201605-015
cve: CVE-2016-5031 @@ -4286,7 +4318,7 @@
tarrelease: libdwarf-20160923.tar.gz
-id: DW201605-014
cve: CVE-2016-5032 @@ -4327,7 +4359,7 @@
tarrelease: libdwarf-20160923.tar.gz
-id: DW201605-013
cve: CVE-2016-5033 @@ -4365,7 +4397,7 @@
tarrelease: libdwarf-20160923.tar.gz
-id: DW201605-012
cve: CVE-2016-5034 @@ -4398,7 +4430,7 @@
tarrelease: libdwarf-20160923.tar.gz
-id: DW201605-011
cve: CVE-2016-5035 @@ -4427,7 +4459,7 @@
tarrelease: libdwarf-20160923.tar.gz
-id: DW201605-010
cve: CVE-2016-5036 @@ -4457,7 +4489,7 @@
tarrelease: libdwarf-20160923.tar.gz
-id: DW201605-009
cve: CVE-2016-5037 @@ -4488,7 +4520,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201605-008
cve: CVE-2016-5038 @@ -4521,7 +4553,7 @@
tarrelease: libdwarf-20160923.tar.gz
-id: DW201605-007
cve: CVE-2016-5039 @@ -4552,7 +4584,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201605-006
cve: @@ -4585,7 +4617,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201605-005
cve: CVE-2016-5040 @@ -4618,7 +4650,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201605-004
cve: CVE-2016-5041 @@ -4653,7 +4685,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201605-003
cve: CVE-2016-5042 @@ -4686,7 +4718,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201605-002
cve: CVE-2016-5043 @@ -4731,7 +4763,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201605-001
cve: CVE-2016-5044 @@ -4774,7 +4806,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201601-002
cve: CVE-2016-2050 @@ -4816,7 +4848,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201601-001
cve: CVE-2016-2091 @@ -4860,7 +4892,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201512-002
cve: CVE-2015-8538 @@ -4896,7 +4928,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201512-001
cve: CVE-2015-8750 @@ -4929,7 +4961,7 @@
tarrelease: libdwarf-20160507.tar.gz
-id: DW201412-001
cve: CVE-2014-9482
diff --git a/bugxml/dwarfbug.xml b/bugxml/dwarfbug.xml
index 01a5ef422..ab106e60e 100644
--- a/bugxml/dwarfbug.xml
+++ b/bugxml/dwarfbug.xml
@@ -3,6 +3,39 @@
Vulnerabilities
Record count: 142
+Record count: 143
id: DW201412-001
@@ -4961,6 +4961,38 @@tarrelease:
+id: DW202305-003 +
+cve: +
+fuzzer: ossfuzz id: 59091 +
+datereported: 2023-05-19 +
+reportedby: David Korczynski +
+vulnerability: Incorrect section bound check +
+product: libdwarf +
+description: A fuzzed line table in the non-standard + (experimental) two-level line table format + exposed a failure as the test was v > sectionend + whereas it has to be v >= sectionend as end pointers + are always one-past the end of the area. + This was incorrect since the experimental table support + was added in 2021. +
+datefixed: 2023-05-19 +
+references: regressiontest/ossfuzz59091/fuzz_macro_dwarf5-5135813562990592 +
+gitfixid: 4017ab8b92195641e6876b388cebe2d3307634f5 +
+tarrelease: +
+