CPE Details
elfutils project elfutils 0.173
0.173
2018-10-29 14:48 +00:00
2018-10-29 14:48 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:elfutils_project:elfutils:0.173:*:*:*:*:*:*:*
Informations
Vendor
elfutils_projectProduct
elfutilsVersion
0.173Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. | 6.5 |
MEDIUM |
||
| An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes. | 5.5 |
MEDIUM |
||
| libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. | 9.8 |
CRITICAL |
||
| libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. | 5.5 |
MEDIUM |
||
| dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | 5.5 |
MEDIUM |
2024©
tesweb SA
