CVE-2018-18521 – elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c
https://notcve.org/view.php?id=CVE-2018-18521
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
https://access.redhat.com/errata/RHSA-2019:2197
https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html
https://sourceware.org/bugzilla/show_bug.cgi?id=23786
https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html
https://usn.ubuntu.com/4012-1
https://access.redhat.com/security/cve/CVE-2018-18521
https://bugzilla.redh
• CWE-369: Divide By Zero

CVE-2018-18310 – elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl
https://notcve.org/view.php?id=CVE-2018-18310
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils 0.4.8 through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) via a crafted ELF file, as demonstrated by consider_notes.
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
https://access.redhat.com/errata/RHSA-2019:2197
https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html
https://sourceware.org/bugzilla/show_bug.cgi?id=23752
https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html
https://usn.ubuntu.com/4012-1
https://access.redhat.com/security/cve/CVE-2018-18310
https://bugzilla.redh
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-125: Out-of-bounds Read

CVE-2018-16402 – elfutils: Double-free due to double decompression of sections in crafted ELF causes crash
https://notcve.org/view.php?id=CVE-2018-16402
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
https://access.redhat.com/errata/RHSA-2019:2197
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html
https://sourceware.org/bugzilla/show_bug.cgi?id=23528
https://usn.ubuntu.com/4012-1
https://access.redhat.com/security/cve/CVE-2018-16402
https://bugzilla.redhat.com/show_bug.cgi?id
• CWE-415: Double Free
• CWE-416: Use After Free

CVE-2018-16062 – elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file
https://notcve.org/view.php?id=CVE-2018-16062
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarf_getaranges() in dwarf_getaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a crafted file.
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
https://access.redhat.com/errata/RHSA-2019:2197
https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html
https://sourceware.org/bugzilla/show_bug.cgi?id=23541
https://sourceware.org/git/?p=elfutils.git%3Ba=commit%3Bh=29e31978ba51c1051743a503ee325b5ebc03d7e9
https://usn.ubuntu.com/4012-1
https://access.redhat.com/security/cve/CVE-2018-16062
• CWE-125: Out-of-bounds Read

CVE-2018-10916 – lftp: particular remote file names may lead to current working directory erased
https://notcve.org/view.php?id=CVE-2018-10916
It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user into using reverse mirroring on an attacker-controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.
It has been discovered that lftp does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used.
• http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00010.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10916
https://github.com/lavv17/lftp/commit/a27e07d90a4608ceaf928b1babb27d4d803e1992
https://github.com/lavv17/lftp/issues/452
https://usn.ubuntu.com/3731-2
https://access.redhat.com/security/cve/CVE-2018-10916
https://bugzilla.redhat.com/show_bug.cgi?id=1610349
• CWE-20: Improper Input Validation