CVE-2017-7609

Published: 09/04/2017 Updated: 07/06/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote malicious users to cause a denial of service (memory consumption) via a crafted ELF file.

Vulnerable Product

elfutils project elfutils 0.168

Vendor Advisories

elfutils could be made to crash or consume resources if it opened a specially crafted file ...
Debian Bug report logs - #859992 elfutils: CVE-2017-7611 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckx.be>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 10 Apr 2017 04:45:01 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in version e ...
Debian Bug report logs - #859993 elfutils: CVE-2017-7610 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckx.be>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 10 Apr 2017 04:54:01 UTC Severity: important Tags: fixed-upstream, security, upstream Found in version elfutils ...
Debian Bug report logs - #859995 elfutils: CVE-2017-7608 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckx.be>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 10 Apr 2017 05:06:01 UTC Severity: important Tags: fixed-upstream, security, upstream Found in version elfutils ...
Debian Bug report logs - #859996 elfutils: CVE-2017-7607 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckx.be>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 10 Apr 2017 05:33:01 UTC Severity: important Tags: fixed-upstream, security, upstream Found in version elfutils ...
Debian Bug report logs - #859991 elfutils: CVE-2017-7612 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckx.be>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 10 Apr 2017 04:42:02 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in version e ...
Debian Bug report logs - #859990 elfutils: CVE-2017-7613 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckx.be>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 10 Apr 2017 04:33:01 UTC Severity: normal Tags: fixed-upstream, security, upstream Found in version elfutils/0 ...
Debian Bug report logs - #859994 elfutils: CVE-2017-7609 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckx.be>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 10 Apr 2017 04:57:01 UTC Severity: normal Tags: fixed-upstream, security, upstream Found in version elfutils/0 ...
elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file ...