Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-3239 (GCVE-0-2015-3239)
Vulnerability from cvelistv5 – Published: 2015-08-26 19:00 – Updated: 2024-08-06 05:39
VLAI?
EPSS
Summary
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1675.html"
},
{
"name": "RHSA-2015:1769",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1769.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1"
},
{
"name": "RHSA-2015:1768",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1768.html"
},
{
"name": "76707",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76707"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2015:1675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1675.html"
},
{
"name": "RHSA-2015:1769",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1769.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1"
},
{
"name": "RHSA-2015:1768",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1768.html"
},
{
"name": "76707",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76707"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3239",
"datePublished": "2015-08-26T19:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2015-3239\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-08-26T19:59:04.393\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de error por un paso en la funci\u00f3n dwarf_to_unw_regnum en include/dwarf_i.h en libunwind 1.1, permite a usuarios locales tener un impacto no especificado a trav\u00e9s de c\u00f3digos de operaci\u00f3n dwarf no v\u00e1lidos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":3.3,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libunwind_project:libunwind:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8AFA73F-E62D-463F-A8B9-84470715A520\"}]}]}],\"references\":[{\"url\":\"http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1675.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1768.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1769.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/76707\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1232265\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1675.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1768.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1769.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/76707\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1232265\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
}
}
CNVD-2015-05778
Vulnerability from cnvd - Published: 2015-09-01
VLAI Severity ?
Title
libunwind差一错误漏洞
Description
libunwind是一个为基于64位CPU和操作系统的程序提供基本堆栈辗转开解功能的库,它包括用于输出堆栈跟踪的API、以编程方式辗转开解堆栈的API以及支持C++异常处理机制的API。
libunwind 1.1版本的include/dwarf_i.h文件中的‘dwarf_to_unw_regnum’函数中存在差一错误漏洞。目前没有详细的漏洞描述。
Severity
低
Patch Name
libunwind差一错误漏洞的补丁
Patch Description
libunwind是一个为基于64位CPU和操作系统的程序提供基本堆栈辗转开解功能的库,它包括用于输出堆栈跟踪的API、以编程方式辗转开解堆栈的API以及支持C++异常处理机制的API。libunwind 1.1版本的include/dwarf_i.h文件中的‘dwarf_to_unw_regnum’函数中存在差一错误漏洞。目前没有详细的漏洞描述。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=1232265
Impacted products
| Name | libunwind libunwind 1.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-3239"
}
},
"description": "libunwind\u662f\u4e00\u4e2a\u4e3a\u57fa\u4e8e64\u4f4dCPU\u548c\u64cd\u4f5c\u7cfb\u7edf\u7684\u7a0b\u5e8f\u63d0\u4f9b\u57fa\u672c\u5806\u6808\u8f97\u8f6c\u5f00\u89e3\u529f\u80fd\u7684\u5e93\uff0c\u5b83\u5305\u62ec\u7528\u4e8e\u8f93\u51fa\u5806\u6808\u8ddf\u8e2a\u7684API\u3001\u4ee5\u7f16\u7a0b\u65b9\u5f0f\u8f97\u8f6c\u5f00\u89e3\u5806\u6808\u7684API\u4ee5\u53ca\u652f\u6301C++\u5f02\u5e38\u5904\u7406\u673a\u5236\u7684API\u3002\r\n\r\nlibunwind 1.1\u7248\u672c\u7684include/dwarf_i.h\u6587\u4ef6\u4e2d\u7684\u2018dwarf_to_unw_regnum\u2019\u51fd\u6570\u4e2d\u5b58\u5728\u5dee\u4e00\u9519\u8bef\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u63cf\u8ff0\u3002",
"discovererName": "unknown",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-05778",
"openTime": "2015-09-01",
"patchDescription": "libunwind\u662f\u4e00\u4e2a\u4e3a\u57fa\u4e8e64\u4f4dCPU\u548c\u64cd\u4f5c\u7cfb\u7edf\u7684\u7a0b\u5e8f\u63d0\u4f9b\u57fa\u672c\u5806\u6808\u8f97\u8f6c\u5f00\u89e3\u529f\u80fd\u7684\u5e93\uff0c\u5b83\u5305\u62ec\u7528\u4e8e\u8f93\u51fa\u5806\u6808\u8ddf\u8e2a\u7684API\u3001\u4ee5\u7f16\u7a0b\u65b9\u5f0f\u8f97\u8f6c\u5f00\u89e3\u5806\u6808\u7684API\u4ee5\u53ca\u652f\u6301C++\u5f02\u5e38\u5904\u7406\u673a\u5236\u7684API\u3002libunwind 1.1\u7248\u672c\u7684include/dwarf_i.h\u6587\u4ef6\u4e2d\u7684\u2018dwarf_to_unw_regnum\u2019\u51fd\u6570\u4e2d\u5b58\u5728\u5dee\u4e00\u9519\u8bef\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u63cf\u8ff0\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "libunwind\u5dee\u4e00\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "libunwind libunwind 1.1"
},
"referenceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265",
"serverity": "\u4f4e",
"submitTime": "2015-08-28",
"title": "libunwind\u5dee\u4e00\u9519\u8bef\u6f0f\u6d1e"
}
RHSA-2015:1675
Vulnerability from csaf_redhat - Published: 2015-08-24 19:57 - Updated: 2025-11-21 17:53Summary
Red Hat Security Advisory: libunwind security update
Notes
Topic
Updated libunwind packages that fix a security flaw are now available for
Red Hat Enterprise Linux OpenStack Platform 6.0.
Red Hat Product Security has rated this update as having Low security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Libunwind provides a C ABI to determine the call-chain of a program.
An off by one array indexing error was found in libunwind. It is unlikely
that any exploitable attack vector exists in current builds or supported
usage. (CVE-2015-3239)
This issue was discovered by Paolo Bonzini of Red Hat.
All users of libunwind are advised to upgrade to these updated packages,
which correct this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated libunwind packages that fix a security flaw are now available for\nRed Hat Enterprise Linux OpenStack Platform 6.0.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Libunwind provides a C ABI to determine the call-chain of a program.\n\nAn off by one array indexing error was found in libunwind. It is unlikely\nthat any exploitable attack vector exists in current builds or supported\nusage. (CVE-2015-3239)\n\nThis issue was discovered by Paolo Bonzini of Red Hat.\n\nAll users of libunwind are advised to upgrade to these updated packages,\nwhich correct this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:1675",
"url": "https://access.redhat.com/errata/RHSA-2015:1675"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "1232265",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1675.json"
}
],
"title": "Red Hat Security Advisory: libunwind security update",
"tracking": {
"current_release_date": "2025-11-21T17:53:23+00:00",
"generator": {
"date": "2025-11-21T17:53:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2015:1675",
"initial_release_date": "2015-08-24T19:57:58+00:00",
"revision_history": [
{
"date": "2015-08-24T19:57:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-08-24T19:57:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:53:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product": {
"name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "libunwind-0:1.1-4.1.el7ost.src",
"product": {
"name": "libunwind-0:1.1-4.1.el7ost.src",
"product_id": "libunwind-0:1.1-4.1.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libunwind@1.1-4.1.el7ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libunwind-0:1.1-4.1.el7ost.x86_64",
"product": {
"name": "libunwind-0:1.1-4.1.el7ost.x86_64",
"product_id": "libunwind-0:1.1-4.1.el7ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libunwind@1.1-4.1.el7ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64",
"product": {
"name": "libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64",
"product_id": "libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libunwind-debuginfo@1.1-4.1.el7ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-0:1.1-4.1.el7ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:libunwind-0:1.1-4.1.el7ost.src"
},
"product_reference": "libunwind-0:1.1-4.1.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-0:1.1-4.1.el7ost.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:libunwind-0:1.1-4.1.el7ost.x86_64"
},
"product_reference": "libunwind-0:1.1-4.1.el7ost.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64"
},
"product_reference": "libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Paolo Bonzini"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-3239",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2015-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1232265"
}
],
"notes": [
{
"category": "description",
"text": "An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libunwind: off-by-one in dwarf_to_unw_regnum()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-6.0:libunwind-0:1.1-4.1.el7ost.src",
"7Server-RH7-RHOS-6.0:libunwind-0:1.1-4.1.el7ost.x86_64",
"7Server-RH7-RHOS-6.0:libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-3239"
},
{
"category": "external",
"summary": "RHBZ#1232265",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-3239",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3239"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3239",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3239"
}
],
"release_date": "2015-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-08-24T19:57:58+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-6.0:libunwind-0:1.1-4.1.el7ost.src",
"7Server-RH7-RHOS-6.0:libunwind-0:1.1-4.1.el7ost.x86_64",
"7Server-RH7-RHOS-6.0:libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1675"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-6.0:libunwind-0:1.1-4.1.el7ost.src",
"7Server-RH7-RHOS-6.0:libunwind-0:1.1-4.1.el7ost.x86_64",
"7Server-RH7-RHOS-6.0:libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libunwind: off-by-one in dwarf_to_unw_regnum()"
}
]
}
RHSA-2015:1768
Vulnerability from csaf_redhat - Published: 2015-09-10 12:05 - Updated: 2025-11-21 17:53Summary
Red Hat Security Advisory: libunwind security update
Notes
Topic
Updated libunwind packages that fix one security issue are now available
for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise
Linux 6.
Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
Libunwind provides a C ABI to determine the call-chain of a program.
An off-by-one array indexing error was found in the libunwind API, which
could cause an error when reading untrusted binaries or dwarf debug info
data. Red Hat products do not call the API in this way; and it is unlikely
that any exploitable attack vector exists in current builds or supported
usage. (CVE-2015-3239)
This issue was discovered by Paolo Bonzini of Red Hat.
All users of libunwind are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated libunwind packages that fix one security issue are now available\nfor Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "Libunwind provides a C ABI to determine the call-chain of a program.\n\nAn off-by-one array indexing error was found in the libunwind API, which\ncould cause an error when reading untrusted binaries or dwarf debug info\ndata. Red Hat products do not call the API in this way; and it is unlikely\nthat any exploitable attack vector exists in current builds or supported\nusage. (CVE-2015-3239)\n\nThis issue was discovered by Paolo Bonzini of Red Hat.\n\nAll users of libunwind are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:1768",
"url": "https://access.redhat.com/errata/RHSA-2015:1768"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "1232265",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1768.json"
}
],
"title": "Red Hat Security Advisory: libunwind security update",
"tracking": {
"current_release_date": "2025-11-21T17:53:35+00:00",
"generator": {
"date": "2025-11-21T17:53:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2015:1768",
"initial_release_date": "2015-09-10T12:05:00+00:00",
"revision_history": [
{
"date": "2015-09-10T12:05:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-09-10T12:05:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:53:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"product": {
"name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"product_id": "6Server-RH6-RHOS-5.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:5::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "libunwind-0:1.1-4.1.el6ost.src",
"product": {
"name": "libunwind-0:1.1-4.1.el6ost.src",
"product_id": "libunwind-0:1.1-4.1.el6ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libunwind@1.1-4.1.el6ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libunwind-0:1.1-4.1.el6ost.x86_64",
"product": {
"name": "libunwind-0:1.1-4.1.el6ost.x86_64",
"product_id": "libunwind-0:1.1-4.1.el6ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libunwind@1.1-4.1.el6ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libunwind-debuginfo-0:1.1-4.1.el6ost.x86_64",
"product": {
"name": "libunwind-debuginfo-0:1.1-4.1.el6ost.x86_64",
"product_id": "libunwind-debuginfo-0:1.1-4.1.el6ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libunwind-debuginfo@1.1-4.1.el6ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-0:1.1-4.1.el6ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"product_id": "6Server-RH6-RHOS-5.0:libunwind-0:1.1-4.1.el6ost.src"
},
"product_reference": "libunwind-0:1.1-4.1.el6ost.src",
"relates_to_product_reference": "6Server-RH6-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-0:1.1-4.1.el6ost.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"product_id": "6Server-RH6-RHOS-5.0:libunwind-0:1.1-4.1.el6ost.x86_64"
},
"product_reference": "libunwind-0:1.1-4.1.el6ost.x86_64",
"relates_to_product_reference": "6Server-RH6-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-debuginfo-0:1.1-4.1.el6ost.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6",
"product_id": "6Server-RH6-RHOS-5.0:libunwind-debuginfo-0:1.1-4.1.el6ost.x86_64"
},
"product_reference": "libunwind-debuginfo-0:1.1-4.1.el6ost.x86_64",
"relates_to_product_reference": "6Server-RH6-RHOS-5.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Paolo Bonzini"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-3239",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2015-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1232265"
}
],
"notes": [
{
"category": "description",
"text": "An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libunwind: off-by-one in dwarf_to_unw_regnum()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RH6-RHOS-5.0:libunwind-0:1.1-4.1.el6ost.src",
"6Server-RH6-RHOS-5.0:libunwind-0:1.1-4.1.el6ost.x86_64",
"6Server-RH6-RHOS-5.0:libunwind-debuginfo-0:1.1-4.1.el6ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-3239"
},
{
"category": "external",
"summary": "RHBZ#1232265",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-3239",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3239"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3239",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3239"
}
],
"release_date": "2015-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-10T12:05:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RH6-RHOS-5.0:libunwind-0:1.1-4.1.el6ost.src",
"6Server-RH6-RHOS-5.0:libunwind-0:1.1-4.1.el6ost.x86_64",
"6Server-RH6-RHOS-5.0:libunwind-debuginfo-0:1.1-4.1.el6ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1768"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RH6-RHOS-5.0:libunwind-0:1.1-4.1.el6ost.src",
"6Server-RH6-RHOS-5.0:libunwind-0:1.1-4.1.el6ost.x86_64",
"6Server-RH6-RHOS-5.0:libunwind-debuginfo-0:1.1-4.1.el6ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libunwind: off-by-one in dwarf_to_unw_regnum()"
}
]
}
RHSA-2015:1769
Vulnerability from csaf_redhat - Published: 2015-09-10 12:04 - Updated: 2025-11-21 17:53Summary
Red Hat Security Advisory: libunwind security update
Notes
Topic
Updated libunwind packages that fix one security issue are now available
for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise
Linux 7.
Red Hat Product Security has rated this update as having Low security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
Libunwind provides a C ABI to determine the call-chain of a program.
An off-by-one array indexing error was found in the libunwind API, which
could cause an error when reading untrusted binaries or dwarf debug info
data. Red Hat products do not call the API in this way; and it is unlikely
that any exploitable attack vector exists in current builds or supported
usage. (CVE-2015-3239)
This issue was discovered by Paolo Bonzini of Red Hat.
All users of libunwind are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated libunwind packages that fix one security issue are now available\nfor Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "Libunwind provides a C ABI to determine the call-chain of a program.\n\nAn off-by-one array indexing error was found in the libunwind API, which\ncould cause an error when reading untrusted binaries or dwarf debug info\ndata. Red Hat products do not call the API in this way; and it is unlikely\nthat any exploitable attack vector exists in current builds or supported\nusage. (CVE-2015-3239)\n\nThis issue was discovered by Paolo Bonzini of Red Hat.\n\nAll users of libunwind are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:1769",
"url": "https://access.redhat.com/errata/RHSA-2015:1769"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "1232265",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1769.json"
}
],
"title": "Red Hat Security Advisory: libunwind security update",
"tracking": {
"current_release_date": "2025-11-21T17:53:35+00:00",
"generator": {
"date": "2025-11-21T17:53:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2015:1769",
"initial_release_date": "2015-09-10T12:04:37+00:00",
"revision_history": [
{
"date": "2015-09-10T12:04:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-09-10T12:04:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:53:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product": {
"name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:5::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "libunwind-0:1.1-4.1.el7ost.src",
"product": {
"name": "libunwind-0:1.1-4.1.el7ost.src",
"product_id": "libunwind-0:1.1-4.1.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libunwind@1.1-4.1.el7ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libunwind-0:1.1-4.1.el7ost.x86_64",
"product": {
"name": "libunwind-0:1.1-4.1.el7ost.x86_64",
"product_id": "libunwind-0:1.1-4.1.el7ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libunwind@1.1-4.1.el7ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libunwind-devel-0:1.1-4.1.el7ost.x86_64",
"product": {
"name": "libunwind-devel-0:1.1-4.1.el7ost.x86_64",
"product_id": "libunwind-devel-0:1.1-4.1.el7ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libunwind-devel@1.1-4.1.el7ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64",
"product": {
"name": "libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64",
"product_id": "libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libunwind-debuginfo@1.1-4.1.el7ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-0:1.1-4.1.el7ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:libunwind-0:1.1-4.1.el7ost.src"
},
"product_reference": "libunwind-0:1.1-4.1.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-0:1.1-4.1.el7ost.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:libunwind-0:1.1-4.1.el7ost.x86_64"
},
"product_reference": "libunwind-0:1.1-4.1.el7ost.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64"
},
"product_reference": "libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-0:1.1-4.1.el7ost.x86_64 as a component of Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7",
"product_id": "7Server-RH7-RHOS-5.0:libunwind-devel-0:1.1-4.1.el7ost.x86_64"
},
"product_reference": "libunwind-devel-0:1.1-4.1.el7ost.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOS-5.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Paolo Bonzini"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-3239",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2015-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1232265"
}
],
"notes": [
{
"category": "description",
"text": "An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libunwind: off-by-one in dwarf_to_unw_regnum()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-5.0:libunwind-0:1.1-4.1.el7ost.src",
"7Server-RH7-RHOS-5.0:libunwind-0:1.1-4.1.el7ost.x86_64",
"7Server-RH7-RHOS-5.0:libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64",
"7Server-RH7-RHOS-5.0:libunwind-devel-0:1.1-4.1.el7ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-3239"
},
{
"category": "external",
"summary": "RHBZ#1232265",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-3239",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3239"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3239",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3239"
}
],
"release_date": "2015-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-10T12:04:37+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-5.0:libunwind-0:1.1-4.1.el7ost.src",
"7Server-RH7-RHOS-5.0:libunwind-0:1.1-4.1.el7ost.x86_64",
"7Server-RH7-RHOS-5.0:libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64",
"7Server-RH7-RHOS-5.0:libunwind-devel-0:1.1-4.1.el7ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1769"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-5.0:libunwind-0:1.1-4.1.el7ost.src",
"7Server-RH7-RHOS-5.0:libunwind-0:1.1-4.1.el7ost.x86_64",
"7Server-RH7-RHOS-5.0:libunwind-debuginfo-0:1.1-4.1.el7ost.x86_64",
"7Server-RH7-RHOS-5.0:libunwind-devel-0:1.1-4.1.el7ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libunwind: off-by-one in dwarf_to_unw_regnum()"
}
]
}
GSD-2015-3239
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-3239",
"description": "Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.",
"id": "GSD-2015-3239",
"references": [
"https://www.suse.com/security/cve/CVE-2015-3239.html",
"https://access.redhat.com/errata/RHSA-2015:1769",
"https://access.redhat.com/errata/RHSA-2015:1768",
"https://access.redhat.com/errata/RHSA-2015:1675",
"https://advisories.mageia.org/CVE-2015-3239.html",
"https://alas.aws.amazon.com/cve/html/CVE-2015-3239.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-3239"
],
"details": "Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.",
"id": "GSD-2015-3239",
"modified": "2023-12-13T01:20:07.525051Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1",
"refsource": "MISC",
"url": "http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2015-1675.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1675.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2015-1768.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1768.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2015-1769.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1769.html"
},
{
"name": "http://www.securityfocus.com/bid/76707",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/76707"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libunwind_project:libunwind:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3239"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1675",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1675.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265",
"refsource": "CONFIRM",
"tags": [
"Exploit"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"
},
{
"name": "http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1",
"refsource": "CONFIRM",
"tags": [],
"url": "http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1"
},
{
"name": "76707",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/76707"
},
{
"name": "RHSA-2015:1769",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1769.html"
},
{
"name": "RHSA-2015:1768",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1768.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-13T00:48Z",
"publishedDate": "2015-08-26T19:59Z"
}
}
}
OPENSUSE-SU-2024:10288-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libunwind-1.2~rc1-2.3 on GA media
Notes
Title of the patch
libunwind-1.2~rc1-2.3 on GA media
Description of the patch
These are all security issues fixed in the libunwind-1.2~rc1-2.3 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10288
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libunwind-1.2~rc1-2.3 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libunwind-1.2~rc1-2.3 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10288",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10288-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3239 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3239/"
}
],
"title": "libunwind-1.2~rc1-2.3 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10288-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libunwind-1.2~rc1-2.3.aarch64",
"product": {
"name": "libunwind-1.2~rc1-2.3.aarch64",
"product_id": "libunwind-1.2~rc1-2.3.aarch64"
}
},
{
"category": "product_version",
"name": "libunwind-32bit-1.2~rc1-2.3.aarch64",
"product": {
"name": "libunwind-32bit-1.2~rc1-2.3.aarch64",
"product_id": "libunwind-32bit-1.2~rc1-2.3.aarch64"
}
},
{
"category": "product_version",
"name": "libunwind-devel-1.2~rc1-2.3.aarch64",
"product": {
"name": "libunwind-devel-1.2~rc1-2.3.aarch64",
"product_id": "libunwind-devel-1.2~rc1-2.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libunwind-1.2~rc1-2.3.ppc64le",
"product": {
"name": "libunwind-1.2~rc1-2.3.ppc64le",
"product_id": "libunwind-1.2~rc1-2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libunwind-32bit-1.2~rc1-2.3.ppc64le",
"product": {
"name": "libunwind-32bit-1.2~rc1-2.3.ppc64le",
"product_id": "libunwind-32bit-1.2~rc1-2.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libunwind-devel-1.2~rc1-2.3.ppc64le",
"product": {
"name": "libunwind-devel-1.2~rc1-2.3.ppc64le",
"product_id": "libunwind-devel-1.2~rc1-2.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libunwind-1.2~rc1-2.3.s390x",
"product": {
"name": "libunwind-1.2~rc1-2.3.s390x",
"product_id": "libunwind-1.2~rc1-2.3.s390x"
}
},
{
"category": "product_version",
"name": "libunwind-32bit-1.2~rc1-2.3.s390x",
"product": {
"name": "libunwind-32bit-1.2~rc1-2.3.s390x",
"product_id": "libunwind-32bit-1.2~rc1-2.3.s390x"
}
},
{
"category": "product_version",
"name": "libunwind-devel-1.2~rc1-2.3.s390x",
"product": {
"name": "libunwind-devel-1.2~rc1-2.3.s390x",
"product_id": "libunwind-devel-1.2~rc1-2.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libunwind-1.2~rc1-2.3.x86_64",
"product": {
"name": "libunwind-1.2~rc1-2.3.x86_64",
"product_id": "libunwind-1.2~rc1-2.3.x86_64"
}
},
{
"category": "product_version",
"name": "libunwind-32bit-1.2~rc1-2.3.x86_64",
"product": {
"name": "libunwind-32bit-1.2~rc1-2.3.x86_64",
"product_id": "libunwind-32bit-1.2~rc1-2.3.x86_64"
}
},
{
"category": "product_version",
"name": "libunwind-devel-1.2~rc1-2.3.x86_64",
"product": {
"name": "libunwind-devel-1.2~rc1-2.3.x86_64",
"product_id": "libunwind-devel-1.2~rc1-2.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.2~rc1-2.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libunwind-1.2~rc1-2.3.aarch64"
},
"product_reference": "libunwind-1.2~rc1-2.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.2~rc1-2.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libunwind-1.2~rc1-2.3.ppc64le"
},
"product_reference": "libunwind-1.2~rc1-2.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.2~rc1-2.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libunwind-1.2~rc1-2.3.s390x"
},
"product_reference": "libunwind-1.2~rc1-2.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.2~rc1-2.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libunwind-1.2~rc1-2.3.x86_64"
},
"product_reference": "libunwind-1.2~rc1-2.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-32bit-1.2~rc1-2.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libunwind-32bit-1.2~rc1-2.3.aarch64"
},
"product_reference": "libunwind-32bit-1.2~rc1-2.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-32bit-1.2~rc1-2.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libunwind-32bit-1.2~rc1-2.3.ppc64le"
},
"product_reference": "libunwind-32bit-1.2~rc1-2.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-32bit-1.2~rc1-2.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libunwind-32bit-1.2~rc1-2.3.s390x"
},
"product_reference": "libunwind-32bit-1.2~rc1-2.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-32bit-1.2~rc1-2.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libunwind-32bit-1.2~rc1-2.3.x86_64"
},
"product_reference": "libunwind-32bit-1.2~rc1-2.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.2~rc1-2.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libunwind-devel-1.2~rc1-2.3.aarch64"
},
"product_reference": "libunwind-devel-1.2~rc1-2.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.2~rc1-2.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libunwind-devel-1.2~rc1-2.3.ppc64le"
},
"product_reference": "libunwind-devel-1.2~rc1-2.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.2~rc1-2.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libunwind-devel-1.2~rc1-2.3.s390x"
},
"product_reference": "libunwind-devel-1.2~rc1-2.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.2~rc1-2.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libunwind-devel-1.2~rc1-2.3.x86_64"
},
"product_reference": "libunwind-devel-1.2~rc1-2.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3239"
}
],
"notes": [
{
"category": "general",
"text": "Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libunwind-1.2~rc1-2.3.aarch64",
"openSUSE Tumbleweed:libunwind-1.2~rc1-2.3.ppc64le",
"openSUSE Tumbleweed:libunwind-1.2~rc1-2.3.s390x",
"openSUSE Tumbleweed:libunwind-1.2~rc1-2.3.x86_64",
"openSUSE Tumbleweed:libunwind-32bit-1.2~rc1-2.3.aarch64",
"openSUSE Tumbleweed:libunwind-32bit-1.2~rc1-2.3.ppc64le",
"openSUSE Tumbleweed:libunwind-32bit-1.2~rc1-2.3.s390x",
"openSUSE Tumbleweed:libunwind-32bit-1.2~rc1-2.3.x86_64",
"openSUSE Tumbleweed:libunwind-devel-1.2~rc1-2.3.aarch64",
"openSUSE Tumbleweed:libunwind-devel-1.2~rc1-2.3.ppc64le",
"openSUSE Tumbleweed:libunwind-devel-1.2~rc1-2.3.s390x",
"openSUSE Tumbleweed:libunwind-devel-1.2~rc1-2.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3239",
"url": "https://www.suse.com/security/cve/CVE-2015-3239"
},
{
"category": "external",
"summary": "SUSE Bug 1122012 for CVE-2015-3239",
"url": "https://bugzilla.suse.com/1122012"
},
{
"category": "external",
"summary": "SUSE Bug 936786 for CVE-2015-3239",
"url": "https://bugzilla.suse.com/936786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libunwind-1.2~rc1-2.3.aarch64",
"openSUSE Tumbleweed:libunwind-1.2~rc1-2.3.ppc64le",
"openSUSE Tumbleweed:libunwind-1.2~rc1-2.3.s390x",
"openSUSE Tumbleweed:libunwind-1.2~rc1-2.3.x86_64",
"openSUSE Tumbleweed:libunwind-32bit-1.2~rc1-2.3.aarch64",
"openSUSE Tumbleweed:libunwind-32bit-1.2~rc1-2.3.ppc64le",
"openSUSE Tumbleweed:libunwind-32bit-1.2~rc1-2.3.s390x",
"openSUSE Tumbleweed:libunwind-32bit-1.2~rc1-2.3.x86_64",
"openSUSE Tumbleweed:libunwind-devel-1.2~rc1-2.3.aarch64",
"openSUSE Tumbleweed:libunwind-devel-1.2~rc1-2.3.ppc64le",
"openSUSE Tumbleweed:libunwind-devel-1.2~rc1-2.3.s390x",
"openSUSE Tumbleweed:libunwind-devel-1.2~rc1-2.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libunwind-1.2~rc1-2.3.aarch64",
"openSUSE Tumbleweed:libunwind-1.2~rc1-2.3.ppc64le",
"openSUSE Tumbleweed:libunwind-1.2~rc1-2.3.s390x",
"openSUSE Tumbleweed:libunwind-1.2~rc1-2.3.x86_64",
"openSUSE Tumbleweed:libunwind-32bit-1.2~rc1-2.3.aarch64",
"openSUSE Tumbleweed:libunwind-32bit-1.2~rc1-2.3.ppc64le",
"openSUSE Tumbleweed:libunwind-32bit-1.2~rc1-2.3.s390x",
"openSUSE Tumbleweed:libunwind-32bit-1.2~rc1-2.3.x86_64",
"openSUSE Tumbleweed:libunwind-devel-1.2~rc1-2.3.aarch64",
"openSUSE Tumbleweed:libunwind-devel-1.2~rc1-2.3.ppc64le",
"openSUSE Tumbleweed:libunwind-devel-1.2~rc1-2.3.s390x",
"openSUSE Tumbleweed:libunwind-devel-1.2~rc1-2.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3239"
}
]
}
FKIE_CVE-2015-3239
Vulnerability from fkie_nvd - Published: 2015-08-26 19:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libunwind_project | libunwind | 1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libunwind_project:libunwind:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8AFA73F-E62D-463F-A8B9-84470715A520",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes."
},
{
"lang": "es",
"value": "Vulnerabilidad de error por un paso en la funci\u00f3n dwarf_to_unw_regnum en include/dwarf_i.h en libunwind 1.1, permite a usuarios locales tener un impacto no especificado a trav\u00e9s de c\u00f3digos de operaci\u00f3n dwarf no v\u00e1lidos."
}
],
"id": "CVE-2015-3239",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-26T19:59:04.393",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1675.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1768.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1769.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/76707"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1675.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1768.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1769.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
SUSE-SU-2019:0284-1
Vulnerability from csaf_suse - Published: 2019-02-07 12:24 - Updated: 2019-02-07 12:24Summary
Security update for libunwind
Notes
Title of the patch
Security update for libunwind
Description of the patch
This update for libunwind fixes the following issues:
Security issues fixed:
- CVE-2015-3239: Fixed a off-by-one in the dwarf_to_unw_regnum function (bsc#936786)
Non-security issues fixed:
- Fixed a dependency issue with libzmq5 (bsc#1122012)
- Fixed build on armv7 (bsc#976955)
Patchnames
SUSE-2019-284,SUSE-SLE-DESKTOP-12-SP3-2019-284,SUSE-SLE-DESKTOP-12-SP4-2019-284,SUSE-SLE-SDK-12-SP3-2019-284,SUSE-SLE-SDK-12-SP4-2019-284,SUSE-SLE-SERVER-12-SP3-2019-284,SUSE-SLE-SERVER-12-SP4-2019-284
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libunwind",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libunwind fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2015-3239: Fixed a off-by-one in the dwarf_to_unw_regnum function (bsc#936786)\n\nNon-security issues fixed:\n\n- Fixed a dependency issue with libzmq5 (bsc#1122012)\n- Fixed build on armv7 (bsc#976955)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-284,SUSE-SLE-DESKTOP-12-SP3-2019-284,SUSE-SLE-DESKTOP-12-SP4-2019-284,SUSE-SLE-SDK-12-SP3-2019-284,SUSE-SLE-SDK-12-SP4-2019-284,SUSE-SLE-SERVER-12-SP3-2019-284,SUSE-SLE-SERVER-12-SP4-2019-284",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0284-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0284-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190284-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0284-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005095.html"
},
{
"category": "self",
"summary": "SUSE Bug 1122012",
"url": "https://bugzilla.suse.com/1122012"
},
{
"category": "self",
"summary": "SUSE Bug 936786",
"url": "https://bugzilla.suse.com/936786"
},
{
"category": "self",
"summary": "SUSE Bug 976955",
"url": "https://bugzilla.suse.com/976955"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3239 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3239/"
}
],
"title": "Security update for libunwind",
"tracking": {
"current_release_date": "2019-02-07T12:24:06Z",
"generator": {
"date": "2019-02-07T12:24:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0284-1",
"initial_release_date": "2019-02-07T12:24:06Z",
"revision_history": [
{
"date": "2019-02-07T12:24:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libunwind-1.1-11.3.1.aarch64",
"product": {
"name": "libunwind-1.1-11.3.1.aarch64",
"product_id": "libunwind-1.1-11.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libunwind-devel-1.1-11.3.1.aarch64",
"product": {
"name": "libunwind-devel-1.1-11.3.1.aarch64",
"product_id": "libunwind-devel-1.1-11.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libunwind-64bit-1.1-11.3.1.aarch64_ilp32",
"product": {
"name": "libunwind-64bit-1.1-11.3.1.aarch64_ilp32",
"product_id": "libunwind-64bit-1.1-11.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libunwind-1.1-11.3.1.i586",
"product": {
"name": "libunwind-1.1-11.3.1.i586",
"product_id": "libunwind-1.1-11.3.1.i586"
}
},
{
"category": "product_version",
"name": "libunwind-devel-1.1-11.3.1.i586",
"product": {
"name": "libunwind-devel-1.1-11.3.1.i586",
"product_id": "libunwind-devel-1.1-11.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libunwind-1.1-11.3.1.ppc64le",
"product": {
"name": "libunwind-1.1-11.3.1.ppc64le",
"product_id": "libunwind-1.1-11.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libunwind-devel-1.1-11.3.1.ppc64le",
"product": {
"name": "libunwind-devel-1.1-11.3.1.ppc64le",
"product_id": "libunwind-devel-1.1-11.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libunwind-1.1-11.3.1.x86_64",
"product": {
"name": "libunwind-1.1-11.3.1.x86_64",
"product_id": "libunwind-1.1-11.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libunwind-32bit-1.1-11.3.1.x86_64",
"product": {
"name": "libunwind-32bit-1.1-11.3.1.x86_64",
"product_id": "libunwind-32bit-1.1-11.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libunwind-devel-1.1-11.3.1.x86_64",
"product": {
"name": "libunwind-devel-1.1-11.3.1.x86_64",
"product_id": "libunwind-devel-1.1-11.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.1-11.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libunwind-1.1-11.3.1.x86_64"
},
"product_reference": "libunwind-1.1-11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.1-11.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:libunwind-1.1-11.3.1.x86_64"
},
"product_reference": "libunwind-1.1-11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libunwind-devel-1.1-11.3.1.aarch64"
},
"product_reference": "libunwind-devel-1.1-11.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libunwind-devel-1.1-11.3.1.ppc64le"
},
"product_reference": "libunwind-devel-1.1-11.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libunwind-devel-1.1-11.3.1.x86_64"
},
"product_reference": "libunwind-devel-1.1-11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libunwind-devel-1.1-11.3.1.aarch64"
},
"product_reference": "libunwind-devel-1.1-11.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libunwind-devel-1.1-11.3.1.ppc64le"
},
"product_reference": "libunwind-devel-1.1-11.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libunwind-devel-1.1-11.3.1.x86_64"
},
"product_reference": "libunwind-devel-1.1-11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.1-11.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libunwind-1.1-11.3.1.aarch64"
},
"product_reference": "libunwind-1.1-11.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.1-11.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libunwind-1.1-11.3.1.ppc64le"
},
"product_reference": "libunwind-1.1-11.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.1-11.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libunwind-1.1-11.3.1.x86_64"
},
"product_reference": "libunwind-1.1-11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libunwind-devel-1.1-11.3.1.aarch64"
},
"product_reference": "libunwind-devel-1.1-11.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libunwind-devel-1.1-11.3.1.ppc64le"
},
"product_reference": "libunwind-devel-1.1-11.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libunwind-devel-1.1-11.3.1.x86_64"
},
"product_reference": "libunwind-devel-1.1-11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.1-11.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-1.1-11.3.1.aarch64"
},
"product_reference": "libunwind-1.1-11.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.1-11.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-1.1-11.3.1.ppc64le"
},
"product_reference": "libunwind-1.1-11.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.1-11.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-1.1-11.3.1.x86_64"
},
"product_reference": "libunwind-1.1-11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-devel-1.1-11.3.1.aarch64"
},
"product_reference": "libunwind-devel-1.1-11.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-devel-1.1-11.3.1.ppc64le"
},
"product_reference": "libunwind-devel-1.1-11.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-devel-1.1-11.3.1.x86_64"
},
"product_reference": "libunwind-devel-1.1-11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.1-11.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libunwind-1.1-11.3.1.aarch64"
},
"product_reference": "libunwind-1.1-11.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.1-11.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libunwind-1.1-11.3.1.ppc64le"
},
"product_reference": "libunwind-1.1-11.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.1-11.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libunwind-1.1-11.3.1.x86_64"
},
"product_reference": "libunwind-1.1-11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libunwind-devel-1.1-11.3.1.aarch64"
},
"product_reference": "libunwind-devel-1.1-11.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libunwind-devel-1.1-11.3.1.ppc64le"
},
"product_reference": "libunwind-devel-1.1-11.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libunwind-devel-1.1-11.3.1.x86_64"
},
"product_reference": "libunwind-devel-1.1-11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.1-11.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-1.1-11.3.1.aarch64"
},
"product_reference": "libunwind-1.1-11.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.1-11.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-1.1-11.3.1.ppc64le"
},
"product_reference": "libunwind-1.1-11.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-1.1-11.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-1.1-11.3.1.x86_64"
},
"product_reference": "libunwind-1.1-11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-devel-1.1-11.3.1.aarch64"
},
"product_reference": "libunwind-devel-1.1-11.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-devel-1.1-11.3.1.ppc64le"
},
"product_reference": "libunwind-devel-1.1-11.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libunwind-devel-1.1-11.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-devel-1.1-11.3.1.x86_64"
},
"product_reference": "libunwind-devel-1.1-11.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3239"
}
],
"notes": [
{
"category": "general",
"text": "Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libunwind-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libunwind-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libunwind-devel-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libunwind-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libunwind-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libunwind-devel-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-devel-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-devel-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libunwind-devel-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libunwind-devel-1.1-11.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3239",
"url": "https://www.suse.com/security/cve/CVE-2015-3239"
},
{
"category": "external",
"summary": "SUSE Bug 1122012 for CVE-2015-3239",
"url": "https://bugzilla.suse.com/1122012"
},
{
"category": "external",
"summary": "SUSE Bug 936786 for CVE-2015-3239",
"url": "https://bugzilla.suse.com/936786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libunwind-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libunwind-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libunwind-devel-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libunwind-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libunwind-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libunwind-devel-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-devel-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-devel-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libunwind-devel-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libunwind-devel-1.1-11.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libunwind-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libunwind-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libunwind-devel-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libunwind-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libunwind-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libunwind-devel-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libunwind-devel-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libunwind-devel-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libunwind-devel-1.1-11.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libunwind-devel-1.1-11.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libunwind-devel-1.1-11.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libunwind-devel-1.1-11.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-07T12:24:06Z",
"details": "moderate"
}
],
"title": "CVE-2015-3239"
}
]
}
GHSA-5MWH-64PF-674P
Vulnerability from github – Published: 2022-05-17 03:20 – Updated: 2022-05-17 03:20
VLAI?
Details
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.
{
"affected": [],
"aliases": [
"CVE-2015-3239"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-08-26T19:59:00Z",
"severity": "LOW"
},
"details": "Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.",
"id": "GHSA-5mwh-64pf-674p",
"modified": "2022-05-17T03:20:28Z",
"published": "2022-05-17T03:20:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3239"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:1675"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:1768"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:1769"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2015-3239"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"
},
{
"type": "WEB",
"url": "http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1675.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1768.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1769.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/76707"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…