Published: 15/10/2018 Updated: 30/11/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

An invalid memory address dereference exists in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows malicious users to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.

Vulnerable Product	Search on Vulmon	Subscribe to Product
elfutils project elfutils
debian debian linux 8.0
debian debian linux 9.0
redhat enterprise linux desktop 7.0
redhat enterprise linux server 7.0
redhat enterprise linux workstation 7.0
opensuse leap 15.0
opensuse leap 15.1
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10

Synopsis Low: elfutils security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic An update for elfutils is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) b ...

Several security issues were fixed in elfutils ...

Debian Bug report logs - #907562 elfutils: CVE-2018-16062 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckxbe>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 29 Aug 2018 12:51:01 UTC Severity: normal Tags: fixed-upstream, patch, security, upstream Found in versions el ...

Debian Bug report logs - #911414 elfutils: CVE-2018-18520 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckxbe>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 19 Oct 2018 21:54:02 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in versions ...

Debian Bug report logs - #911083 elfutils: CVE-2018-18310 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckxbe>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 15 Oct 2018 13:27:02 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in versions ...

Debian Bug report logs - #911413 elfutils: CVE-2018-18521 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckxbe>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 19 Oct 2018 21:51:02 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in versions ...

An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information Function dwarf_getaranges() in dwarf_getarangesc does not properly check whether it reads beyond the limits of the ELF section An attacker could use this flaw to cause a denial of service via a crafted file(CVE-2018-16062) libelf/elf_endc in e ...

An invalid memory address dereference was discovered in dwfl_segment_report_modulec in libdwfl in elfutils through v0174 The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes ...

An invalid memory address dereference was discovered in dwfl_segment_report_modulec in libdwfl in elfutils through v0174 The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file ...

CWE-119 https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html https://sourceware.org/bugzilla/show_bug.cgi?id=23752 https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html https://usn.ubuntu.com/4012-1/http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://access.redhat.com/errata/RHSA-2019:2197 https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html https://access.redhat.com/errata/RHSA-2019:2197 https://usn.ubuntu.com/4012-1/https://nvd.nist.gov

CVE-2018-18310

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect