CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7148
https://notcve.org/view.php?id=CVE-2019-7148
An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens." Se ha descubierto un intento de asignación de memoria excesiva en la función read_long_names en elf_begin.c en libelf en la versión 0.174 de elfutils. • https://sourceware.org/bugzilla/show_bug.cgi?id=24085 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 1CVE-2019-7150 – elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c
https://notcve.org/view.php?id=CVE-2019-7150
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack. Se ha descubierto un problema en la versión 0.175 de elfutils. Podría ocurrir un fallo de segmentación en la función elf64_xlatetom en libelf/elf32_xlatetom.c, debido a que "dwfl_segment_report_module" no comprueba si la lectura de datos dyn desde un archivo core está truncada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://access.redhat.com/errata/RHSA-2019:2197 https://access.redhat.com/errata/RHSA-2019:3575 https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html https://sourceware.org/bugzilla/show_bug.cgi?id=24103 https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html https://usn.ubuntu.com/4012-1 https://access.redhat.com&#x • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2019-7146 – elfutils: buffer over-read in the ebl_object_note function in eblobjnote.c in libebl
https://notcve.org/view.php?id=CVE-2019-7146
In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf. En la versión 0.175 de elfutils hay una sobrelectura de búfer en la función ebl_object_note en eblobjnote.c en libebl. Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo elf manipulado, tal y como queda demostrado con eu-readelf. • https://access.redhat.com/errata/RHSA-2019:3575 https://sourceware.org/bugzilla/show_bug.cgi?id=24075 https://sourceware.org/bugzilla/show_bug.cgi?id=24081 https://access.redhat.com/security/cve/CVE-2019-7146 https://bugzilla.redhat.com/show_bug.cgi?id=1671432 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2018-18520 – elfutils: eu-size cannot handle recursive ar files
https://notcve.org/view.php?id=CVE-2018-18520
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. Existe una desreferencia de dirección de memoria inválida en la función elf_end en elfutils hasta la versión v0.174. Aunque se supone que eu-size soporta archivos ar dentro de archivos ar, handle_ar en size.c cierra el archivo ar externo antes de gestionar todas la entradas internas. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://access.redhat.com/errata/RHSA-2019:2197 https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html https://sourceware.org/bugzilla/show_bug.cgi?id=23787 https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html https://usn.ubuntu.com/4012-1 https://access.redhat.com/security/cve/CVE-2018-18520 https://bugzilla.redh • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1CVE-2018-18521 – elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c
https://notcve.org/view.php?id=CVE-2018-18521
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. Vulnerabilidades de división entre cero en la función arlib_add_symbols() en arlib.c en elfutils 0.174 permiten que los atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) con un archivo ELF manipulado, tal y como queda demostrado con eu-ranlib. Esto se debe a que se gestiona de manera incorrecta un sh_entsize con valor cero. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://access.redhat.com/errata/RHSA-2019:2197 https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html https://sourceware.org/bugzilla/show_bug.cgi?id=23786 https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html https://usn.ubuntu.com/4012-1 https://access.redhat.com/security/cve/CVE-2018-18521 https://bugzilla.redh • CWE-369: Divide By Zero •