Skip to main content

Elfutils CVE-2014-0172

MEDIUM
Numeric Errors (CWE-189)
2014-04-11 secalert@redhat.com
6.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Apr 11, 2014 - 15:55 cve.org
MEDIUM 6.8

DescriptionCVE.org

Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.

AnalysisAI

Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified under CWE-189. Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow. Affected products include: Elfutils Project Elfutils. Version information: through 0.158.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-16402 CRITICAL POC
9.8 Sep 03

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application cra

CVE-2018-8769 HIGH POC
7.8 Mar 18

elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_

CVE-2019-7149 MEDIUM POC
6.5 Jan 29

A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0

CVE-2019-7148 MEDIUM POC
6.5 Jan 29

An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfu

CVE-2018-18520 MEDIUM POC
6.5 Oct 19

An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Rated medium

CVE-2017-7613 MEDIUM POC
5.5 Apr 09

elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote att

CVE-2017-7607 MEDIUM POC
5.5 Apr 09

The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-b

CVE-2017-7612 MEDIUM POC
5.5 Apr 09

The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-b

CVE-2017-7610 MEDIUM POC
5.5 Apr 09

The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based

CVE-2017-7608 MEDIUM POC
5.5 Apr 09

The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a deni

CVE-2017-7611 MEDIUM POC
5.5 Apr 09

The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (hea

CVE-2017-7609 MEDIUM POC
5.5 Apr 09

elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a

Share

CVE-2014-0172 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy