CVE-2019-7146
elfutils: buffer over-read in the ebl_object_note function in eblobjnote.c in libebl
Severity Score
5.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.
En la versión 0.175 de elfutils hay una sobrelectura de búfer en la función ebl_object_note en eblobjnote.c en libebl. Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo elf manipulado, tal y como queda demostrado con eu-readelf.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-01-28 CVE Reserved
- 2019-01-29 CVE Published
- 2024-01-22 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (5)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=24075 | 2024-08-04 | |
| https://sourceware.org/bugzilla/show_bug.cgi?id=24081 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:3575 | 2020-08-24 | |
| https://access.redhat.com/security/cve/CVE-2019-7146 | 2019-11-05 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1671432 | 2019-11-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Elfutils Project Search vendor "Elfutils Project" | Elfutils Search vendor "Elfutils Project" for product "Elfutils" | 0.175 Search vendor "Elfutils Project" for product "Elfutils" and version "0.175" | - |
Affected
| ||||||