U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:elfutils_project:elfutils:0.168
There are 10 matching records.
Displaying matches 1 through 10.
Vuln ID Summary CVSS Severity
CVE-2018-18520

An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.

Published: October 19, 2018; 1:29:00 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-18310

An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.

Published: October 14, 2018; 10:29:00 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-16062

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

Published: August 28, 2018; 11:29:00 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-7613

elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

Published: April 09, 2017; 10:59:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-7612

The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Published: April 09, 2017; 10:59:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-7611

The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Published: April 09, 2017; 10:59:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-7610

The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Published: April 09, 2017; 10:59:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-7609

elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

Published: April 09, 2017; 10:59:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-7608

The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Published: April 09, 2017; 10:59:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-7607

The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Published: April 09, 2017; 10:59:00 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM