Published: 19/10/2018 Updated: 30/11/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows malicious users to cause a denial of service (application crash) with a crafted ELF file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
elfutils project elfutils
debian debian linux 8.0
debian debian linux 9.0
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10
opensuse leap 15.0
opensuse leap 15.1
redhat enterprise linux desktop 7.0
redhat enterprise linux server 7.0
redhat enterprise linux workstation 7.0

Synopsis Low: elfutils security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic An update for elfutils is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) b ...

Several security issues were fixed in elfutils ...

Debian Bug report logs - #907562 elfutils: CVE-2018-16062 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckxbe>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 29 Aug 2018 12:51:01 UTC Severity: normal Tags: fixed-upstream, patch, security, upstream Found in versions el ...

Debian Bug report logs - #911414 elfutils: CVE-2018-18520 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckxbe>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 19 Oct 2018 21:54:02 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in versions ...

Debian Bug report logs - #911083 elfutils: CVE-2018-18310 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckxbe>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 15 Oct 2018 13:27:02 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in versions ...

Debian Bug report logs - #911413 elfutils: CVE-2018-18521 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckxbe>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 19 Oct 2018 21:51:02 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in versions ...

An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information Function dwarf_getaranges() in dwarf_getarangesc does not properly check whether it reads beyond the limits of the ELF section An attacker could use this flaw to cause a denial of service via a crafted file(CVE-2018-16062) libelf/elf_endc in e ...

An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0174 Although eu-size is intended to support ar files inside ar files, handle_ar in sizec closes the outer ar file before handling all inner entries The vulnerability allows attackers to cause a denial of service (application crash) with a crafte ...

CWE-119 https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html https://sourceware.org/bugzilla/show_bug.cgi?id=23787 https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html https://usn.ubuntu.com/4012-1/http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://access.redhat.com/errata/RHSA-2019:2197 https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html https://access.redhat.com/errata/RHSA-2019:2197 https://usn.ubuntu.com/4012-1/https://nvd.nist.gov

Get Started

CVE-2018-18520

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect