Published: 19/10/2018 Updated: 30/11/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote malicious users to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.

Vulnerable Product	Search on Vulmon	Subscribe to Product
elfutils project elfutils 0.174
debian debian linux 8.0
debian debian linux 9.0
redhat enterprise linux desktop 7.0
redhat enterprise linux server 7.0
redhat enterprise linux workstation 7.0
opensuse leap 15.0
opensuse leap 15.1
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 18.10

Synopsis Low: elfutils security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic An update for elfutils is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) b ...

Several security issues were fixed in elfutils ...

Debian Bug report logs - #907562 elfutils: CVE-2018-16062 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckxbe>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 29 Aug 2018 12:51:01 UTC Severity: normal Tags: fixed-upstream, patch, security, upstream Found in versions el ...

Debian Bug report logs - #911414 elfutils: CVE-2018-18520 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckxbe>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 19 Oct 2018 21:54:02 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in versions ...

Debian Bug report logs - #911083 elfutils: CVE-2018-18310 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckxbe>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 15 Oct 2018 13:27:02 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in versions ...

Debian Bug report logs - #911413 elfutils: CVE-2018-18521 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckxbe>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 19 Oct 2018 21:51:02 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found in versions ...

An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information Function dwarf_getaranges() in dwarf_getarangesc does not properly check whether it reads beyond the limits of the ELF section An attacker could use this flaw to cause a denial of service via a crafted file(CVE-2018-16062) libelf/elf_endc in e ...

Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlibc in elfutils 0174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled ...

CWE-369 https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html https://sourceware.org/bugzilla/show_bug.cgi?id=23786 https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html https://usn.ubuntu.com/4012-1/http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://access.redhat.com/errata/RHSA-2019:2197 https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html https://access.redhat.com/errata/RHSA-2019:2197 https://usn.ubuntu.com/4012-1/https://nvd.nist.gov

CVE-2018-18521

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect