Published: 29/01/2019 Updated: 24/08/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

An attempted excessive memory allocation exists in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens."

Vulnerable Product	Search on Vulmon	Subscribe to Product
elfutils project elfutils 0.174

Debian Bug report logs - #920909 elfutils: CVE-2019-7150 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckxbe>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 30 Jan 2019 14:33:02 UTC Severity: normal Tags: fixed-upstream, patch, security, upstream Found in version elfu ...

Debian Bug report logs - #920910 elfutils: CVE-2019-7149 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckxbe>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 30 Jan 2019 14:33:04 UTC Severity: normal Tags: fixed-upstream, security, upstream Found in version elfutils/0 ...

Debian Bug report logs - #920911 elfutils: CVE-2019-7146 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckxbe>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 30 Jan 2019 14:33:07 UTC Severity: normal Tags: fixed-upstream, security, upstream Found in version elfutils/0 ...

Debian Bug report logs - #921881 elfutils: CVE-2019-7664 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckxbe>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 9 Feb 2019 20:27:04 UTC Severity: normal Tags: fixed-upstream, security, upstream Found in version elfutils/0 ...

Debian Bug report logs - #921880 elfutils: CVE-2019-7665 Package: src:elfutils; Maintainer for src:elfutils is Kurt Roeckx <kurt@roeckxbe>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 9 Feb 2019 20:27:01 UTC Severity: normal Tags: fixed-upstream, security, upstream Found in version elfutils/0 ...

An attempted excessive memory allocation was discovered in the function read_long_names in elf_beginc in libelf in elfutils 0174 Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception ...

An attempted excessive memory allocation was discovered in the function read_long_names in elf_beginc in libelf in elfutils <= 0175 Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception ...

CWE-770 https://sourceware.org/bugzilla/show_bug.cgi?id=24085 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920909 https://access.redhat.com/security/cve/cve-2019-7148

CVE-2019-7148

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect