CVE-2024-2002

A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.

Published: Mar 18, 2024
Updated: Mar 19, 2024
CVE: CVE-2024-2002
Exploit:

No technical information available.

CWEs:

CWE-415

Affected Software
References

Software	From	Fixed in
libdwarf_project / libdwarf	0.1.0	0.9.2
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	8.0	8.0.x
fedoraproject / fedora	40	40.x

https://access.redhat.com/security/cve/CVE-2024-2002
https://bugzilla.redhat.com/show_bug.cgi?id=2267700
https://github.com/davea42/libdwarf-code/blob/main/bugxml/data.txt
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZGPVLSPIXR32J6FOAFTTIMYTUUXJICGW/

Vulnerability Database

289,599

CVE-2024-2002