CVE-2022-39170

Public on 2022-09-02
Modified on 2024-02-13
Description
A double-free vulnerability was found in libdwarf's dwarf_expand_frame_instructions() function of the dwarf_frame.c file. A carefully crafted object file could cause the ‘dwarfdump' utility to do a double free in handling an error condition. This issue could cause a segmentation violation or other major error, terminating the calling application and resulting in a denial of service.
Severity
Medium severity
Medium
CVSS v3 Base Score
6.1
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 libdwarf Not Affected
Amazon Linux 2 - Core libdwarf Not Affected
Amazon Linux 2023 libdwarf 2023-02-17 ALAS2023-2023-093 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.1 AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
NVD CVSSv3 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H