Skip to main content

Elfutils CVE-2018-16062

MEDIUM
Out-of-bounds Read (CWE-125)
2018-08-29 cve@mitre.org
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 29, 2018 - 03:29 nvd
MEDIUM 5.5

DescriptionNVD

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

AnalysisAI

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. Affected products include: Elfutils Project Elfutils, Debian Debian Linux, Opensuse Leap, Canonical Ubuntu Linux, Redhat Enterprise Linux Desktop. Version information: before 2018.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2018-16402 CRITICAL POC
9.8 Sep 03

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application cra

CVE-2018-8769 HIGH POC
7.8 Mar 18

elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_

CVE-2019-7149 MEDIUM POC
6.5 Jan 29

A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0

CVE-2019-7148 MEDIUM POC
6.5 Jan 29

An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfu

CVE-2018-18520 MEDIUM POC
6.5 Oct 19

An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Rated medium

CVE-2017-7613 MEDIUM POC
5.5 Apr 09

elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote att

CVE-2017-7607 MEDIUM POC
5.5 Apr 09

The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-b

CVE-2017-7612 MEDIUM POC
5.5 Apr 09

The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-b

CVE-2017-7610 MEDIUM POC
5.5 Apr 09

The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based

CVE-2017-7608 MEDIUM POC
5.5 Apr 09

The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a deni

CVE-2017-7611 MEDIUM POC
5.5 Apr 09

The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (hea

CVE-2017-7609 MEDIUM POC
5.5 Apr 09

elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a

Share

CVE-2018-16062 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy