
CVE-2024-25260 – Ubuntu Security Notice USN-7369-1
https://notcve.org/view.php?id=CVE-2024-25260
20 Feb 2024 — elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function in readelf.c. It was discovered that readelf from elfutils could be made to read out of bounds. If a user or automated system were tricked into running readelf on a specially crafted file, an attacker could cause readelf to crash, resulting in a denial of service. This issue only ... • https://github.com/schsiung/fuzzer_issues/issues/1 • CWE-476: NULL Pointer Dereference •

CVE-2020-21047 – Ubuntu Security Notice USN-6322-1
https://notcve.org/view.php?id=CVE-2020-21047
22 Aug 2023 — The libcpu component, which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from a denial-of-service vulnerability caused by application crashes due to an out-of-bounds write (CWE-787), an off-by-one error (CWE-193) and a reachable assertion (CWE-617); to exploit the vulnerability, attackers need to craft certain ELF files which bypass the missing bound checks. • https://lists.debian.org/debian-lts-announce/2023/09/msg00026.html • CWE-787: Out-of-bounds Write •

CVE-2021-33294 – Ubuntu Security Notice USN-6322-1
https://notcve.org/view.php?id=CVE-2021-33294
18 Jul 2023 — In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c, which allows attackers to cause a denial of service (infinite loop) via a crafted file. It was discovered that elfutils incorrectly handled certain malformed files. If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that elfutils incorrectly... • https://sourceware.org/bugzilla/show_bug.cgi?id=27501 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2019-7664 – elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h
https://notcve.org/view.php?id=CVE-2019-7664
09 Feb 2019 — In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted ELF input causes a segmentation fault, leading to denial of service (program crash). • https://access.redhat.com/errata/RHSA-2019:2197 • CWE-787: Out-of-bounds Write •

CVE-2019-7665 – elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c
https://notcve.org/view.php?id=CVE-2019-7665
09 Feb 2019 — In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html • CWE-122: Heap-based Buffer Overflow • CWE-125: Out-of-bounds Read •

CVE-2019-7146 – elfutils: buffer over-read in the ebl_object_note function in eblobjnote.c in libebl
https://notcve.org/view.php?id=CVE-2019-7146
29 Jan 2019 — In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted ELF file, as demonstrated by eu-readelf. • https://access.redhat.com/errata/RHSA-2019:3575 • CWE-125: Out-of-bounds Read •

CVE-2019-7148
https://notcve.org/view.php?id=CVE-2019-7148
29 Jan 2019 — An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted ELF input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens." • https://sourceware.org/bugzilla/show_bug.cgi?id=24085 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2019-7149 – elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw
https://notcve.org/view.php?id=CVE-2019-7149
29 Jan 2019 — A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm. • https://access.redhat.com/errata/RHSA-2019:2197 • CWE-125: Out-of-bounds Read •

CVE-2019-7150 – elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c
https://notcve.org/view.php?id=CVE-2019-7150
29 Jan 2019 — An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html • CWE-125: Out-of-bounds Read •

CVE-2018-18521 – elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c
https://notcve.org/view.php?id=CVE-2018-18521
19 Oct 2018 — Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html • CWE-369: Divide By Zero •