CVE-2014-0172
Ubuntu Security Notice USN-2188-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.
Desbordamiento de enteros en la función check_section en dwarf_begin_elf.c en la librería libdw, utilizado en elfutils 0.153 y posiblemente hasta 0.158 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de una sección de depuración comprimida malformada en un archivo ELF, lo que provoca un desbordamiento de buffer basado en memoria dinámica.
The libdw library provides support for accessing DWARF debugging information inside ELF files. An integer overflow flaw in check_section(), leading to a heap-based buffer overflow, was found in the libdw library. A malicious ELF file could cause an application using libdw to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils allows remote attackers to write to arbitrary files to the root directory via a / in a crafted archive, as demonstrated using the ar program.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-12-03 CVE Reserved
- 2014-04-11 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/oss-sec/2014/q2/54 | Mailing List |
|
| http://www.securityfocus.com/bid/66714 | Vdb Entry | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1085663 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lists.fedorahosted.org/pipermail/elfutils-devel/2014-April/003921.html | 2017-07-01 |
| URL | Date | SRC |
|---|---|---|
| http://www.ubuntu.com/usn/USN-2188-1 | 2017-07-01 | |
| https://security.gentoo.org/glsa/201612-32 | 2017-07-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Elfutils Project Search vendor "Elfutils Project" | Elfutils Search vendor "Elfutils Project" for product "Elfutils" | 0.153 Search vendor "Elfutils Project" for product "Elfutils" and version "0.153" | - |
Affected
| ||||||
| Elfutils Project Search vendor "Elfutils Project" | Elfutils Search vendor "Elfutils Project" for product "Elfutils" | 0.154 Search vendor "Elfutils Project" for product "Elfutils" and version "0.154" | - |
Affected
| ||||||
| Elfutils Project Search vendor "Elfutils Project" | Elfutils Search vendor "Elfutils Project" for product "Elfutils" | 0.155 Search vendor "Elfutils Project" for product "Elfutils" and version "0.155" | - |
Affected
| ||||||
| Elfutils Project Search vendor "Elfutils Project" | Elfutils Search vendor "Elfutils Project" for product "Elfutils" | 0.156 Search vendor "Elfutils Project" for product "Elfutils" and version "0.156" | - |
Affected
| ||||||
| Elfutils Project Search vendor "Elfutils Project" | Elfutils Search vendor "Elfutils Project" for product "Elfutils" | 0.157 Search vendor "Elfutils Project" for product "Elfutils" and version "0.157" | - |
Affected
| ||||||
| Elfutils Project Search vendor "Elfutils Project" | Elfutils Search vendor "Elfutils Project" for product "Elfutils" | 0.158 Search vendor "Elfutils Project" for product "Elfutils" and version "0.158" | - |
Affected
| ||||||