{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-08-24T00:00:00", "descriptions": [{"lang": "en", "value": "Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-20T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2015:1675", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1675.html"}, {"name": "RHSA-2015:1769", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1769.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1"}, {"name": "RHSA-2015:1768", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1768.html"}, {"name": "76707", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76707"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:39:32.093Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:1675", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1675.html"}, {"name": "RHSA-2015:1769", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1769.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1"}, {"name": "RHSA-2015:1768", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1768.html"}, {"name": "76707", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/76707"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3239", "datePublished": "2015-08-26T19:00:00", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:32.093Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libunwind_project:libunwind:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8AFA73F-E62D-463F-A8B9-84470715A520", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes."}, {"lang": "es", "value": "Vulnerabilidad de error por un paso en la funci\u00f3n dwarf_to_unw_regnum en include/dwarf_i.h en libunwind 1.1, permite a usuarios locales tener un impacto no especificado a trav\u00e9s de c\u00f3digos de operaci\u00f3n dwarf no v\u00e1lidos."}], "id": "CVE-2015-3239", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-26T19:59:04.393", "references": [{"source": "secalert@redhat.com", "url": "http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1675.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1768.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1769.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/76707"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1675.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1768.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1769.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/76707"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Paolo Bonzini (Red Hat).", "affected_release": [{"advisory": "RHSA-2015:1768", "cpe": "cpe:/a:redhat:openstack:5::el6", "package": "libunwind-0:1.1-4.1.el6ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date": "2015-09-10T00:00:00Z"}, {"advisory": "RHSA-2015:1769", "cpe": "cpe:/a:redhat:openstack:5::el7", "package": "libunwind-0:1.1-4.1.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date": "2015-09-10T00:00:00Z"}, {"advisory": "RHSA-2015:1675", "cpe": "cpe:/a:redhat:openstack:6::el7", "package": "libunwind-0:1.1-4.1.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date": "2015-08-24T00:00:00Z"}], "bugzilla": {"description": "libunwind: off-by-one in dwarf_to_unw_regnum()", "id": "1232265", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232265"}, "csaw": false, "cvss": {"cvss_base_score": "3.3", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "status": "verified"}, "cwe": "CWE-193", "details": ["Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.", "An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usage."], "name": "CVE-2015-3239", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:1.1", "fix_state": "Will not fix", "package_name": "libunwind", "product_name": "Red Hat Ceph Storage 1.1"}, {"cpe": "cpe:/a:redhat:ceph_storage:1.2", "fix_state": "Will not fix", "package_name": "libunwind", "product_name": "Red Hat Ceph Storage 1.2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "libunwind", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libunwind", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack-installer:6", "fix_state": "Will not fix", "package_name": "libunwind", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer"}, {"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Not affected", "package_name": "libunwind", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "mongodb24-libunwind", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "rh-mongodb26-libunwind", "product_name": "Red Hat Software Collections"}], "public_date": "2015-06-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3239\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3239"], "threat_severity": "Low"}