19 results (0.004 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-7148

https://notcve.org/view.php?id=CVE-2019-7148

An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens." Se ha descubierto un intento de asignación de memoria excesiva en la función read_long_names en elf_begin.c en libelf en la versión 0.174 de elfutils. • https://sourceware.org/bugzilla/show_bug.cgi?id=24085 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1

CVE-2018-18520 – elfutils: eu-size cannot handle recursive ar files

https://notcve.org/view.php?id=CVE-2018-18520

An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. Existe una desreferencia de dirección de memoria inválida en la función elf_end en elfutils hasta la versión v0.174. Aunque se supone que eu-size soporta archivos ar dentro de archivos ar, handle_ar en size.c cierra el archivo ar externo antes de gestionar todas la entradas internas. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://access.redhat.com/errata/RHSA-2019:2197 https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html https://sourceware.org/bugzilla/show_bug.cgi?id=23787 https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html https://usn.ubuntu.com/4012-1 https://access.redhat.com/security/cve/CVE-2018-18520 https://bugzilla.redh • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1

CVE-2018-18521 – elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c

https://notcve.org/view.php?id=CVE-2018-18521

Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. Vulnerabilidades de división entre cero en la función arlib_add_symbols() en arlib.c en elfutils 0.174 permiten que los atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) con un archivo ELF manipulado, tal y como queda demostrado con eu-ranlib. Esto se debe a que se gestiona de manera incorrecta un sh_entsize con valor cero. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://access.redhat.com/errata/RHSA-2019:2197 https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html https://sourceware.org/bugzilla/show_bug.cgi?id=23786 https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html https://usn.ubuntu.com/4012-1 https://access.redhat.com/security/cve/CVE-2018-18521 https://bugzilla.redh • CWE-369: Divide By Zero •

CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 1

CVE-2018-18310 – elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl

https://notcve.org/view.php?id=CVE-2018-18310

An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes. Se ha descubierto una desreferencia de dirección de memoria inválida en dwfl_segment_report_module.c en libdwfl en elfutils 0.4.8 hasta la versión v0.174. La vulnerabilidad permite que los atacantes provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante un archivo ELF manipulado, tal y como queda demostrado con consider_notes. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://access.redhat.com/errata/RHSA-2019:2197 https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html https://sourceware.org/bugzilla/show_bug.cgi?id=23752 https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html https://usn.ubuntu.com/4012-1 https://access.redhat.com/security/cve/CVE-2018-18310 https://bugzilla.redh • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 1

CVE-2018-16402 – elfutils: Double-free due to double decompression of sections in crafted ELF causes crash

https://notcve.org/view.php?id=CVE-2018-16402

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. libelf/elf_end.c en elfutils 0.173 permite que atacantes remotos provoquen una denegación de servicio (doble liberación y cierre inesperado de la aplicación) o, probablemente, cualquier otro tipo de problema debido a que trata de descomprimir dos veces. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html https://access.redhat.com/errata/RHSA-2019:2197 https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html https://sourceware.org/bugzilla/show_bug.cgi?id=23528 https://usn.ubuntu.com/4012-1 https://access.redhat.com/security/cve/CVE-2018-16402 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-415: Double Free CWE-416: Use After Free •