CPE Details
elfutils project elfutils 0.174
0.174
2018-10-29 14:48 +00:00
2018-10-29 14:48 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:elfutils_project:elfutils:0.174:*:*:*:*:*:*:*
Informations
Vendor
elfutils_projectProduct
elfutilsVersion
0.174Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens." | 6.5 |
MEDIUM |
||
| An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. | 6.5 |
MEDIUM |
||
| Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. | 5.5 |
MEDIUM |
||
| An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes. | 5.5 |
MEDIUM |
2024©
tesweb SA
