CVE-2018-16403

Published: 03/09/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service.

Vulnerable Product

elfutils project elfutils 0.173

Vendor Advisories

Synopsis: Low: elfutils security, bug fix, and enhancement update. Type/Severity: Security Advisory: Low. Topic: An update for elfutils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) b ...
Several security issues were fixed in elfutils ...
Debian Bug report logs - #907562 elfutils: CVE-2018-16062. Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckx.be>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 29 Aug 2018 12:51:01 UTC; Severity: normal; Tags: fixed-upstream, patch, security, upstream; Found in versions el ...
Debian Bug report logs - #911414 elfutils: CVE-2018-18520. Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckx.be>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 19 Oct 2018 21:54:02 UTC; Severity: important; Tags: fixed-upstream, patch, security, upstream; Found in versions ...
Debian Bug report logs - #911083 elfutils: CVE-2018-18310. Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckx.be>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 15 Oct 2018 13:27:02 UTC; Severity: important; Tags: fixed-upstream, patch, security, upstream; Found in versions ...
Debian Bug report logs - #911413 elfutils: CVE-2018-18521. Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckx.be>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 19 Oct 2018 21:51:02 UTC; Severity: important; Tags: fixed-upstream, patch, security, upstream; Found in versions ...
An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarf_getaranges() in dwarf_getaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a crafted file. (CVE-2018-16062) libelf/elf_end.c in e ...
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash ...