CVE-2024-31745
Public on 2024-04-19
Modified on 2024-04-22
Description
Libdwarf v0.9.1 was discovered to contain a heap use-after-free via the dw_empty_errlist_item function at /libdwarf/dwarf_alloc.c.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | libdwarf | Not Affected | ||
| Amazon Linux 2 - Core | libdwarf | Not Affected | ||
| Amazon Linux 2023 | libdwarf | 2024-03-27 | ALAS2023-2024-579 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |