CVE-2024-2002

Libdwarf: crashes randomly on fuzzed object

Published: 3/18/2024 Last updated: 11/20/2025 Reserved: 2/29/2024

A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	7.5	High	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (1)

conf-dwarfutils

Products affected (4)

Product	Vendor	Version
Red Hat Enterprise Linux 7	Red Hat	< 62e46e0ffc02daa8fcfc02f7a932cc8a19601b19
		< 24.1R2
Red Hat Enterprise Linux 7	Red Hat	< 23.2R1
Red Hat Enterprise Linux 8	Red Hat	< 23.2R2-EVO

References (14)

https://access.redhat.com/security/cve/CVE-2024-2002
https://bugzilla.redhat.com/show_bug.cgi?id=2267700
https://github.com/davea42/libdwarf-code/blob/main/bugxml/data.txt
https://access.redhat.com/security/cve/CVE-2024-2002
https://bugzilla.redhat.com/show_bug.cgi?id=2267700
https://github.com/davea42/libdwarf-code/blob/main/bugxml/data.txt
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGPVLSPIXR32J6FOAFTTIMYTUUXJICGW/
https://access.redhat.com/security/cve/CVE-2024-2002
https://bugzilla.redhat.com/show_bug.cgi?id=2267700
https://github.com/davea42/libdwarf-code/blob/main/bugxml/data.txt
https://access.redhat.com/security/cve/CVE-2024-2002
https://bugzilla.redhat.com/show_bug.cgi?id=2267700
https://github.com/davea42/libdwarf-code/blob/main/bugxml/data.txt
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGPVLSPIXR32J6FOAFTTIMYTUUXJICGW/