Debian LTS DLA-2802-1 Critical: Elfutils Denial Of Service Issues

Debian LTS
October 30, 2021
Debian LTS users should update elfutils swiftly to address critical vulnerabilities that may compromise system integrity and data confidentiality.
Several vulnerabilities were fixed in elfutils, a collection of utilities and libraries to handle ELF objects.

Summary

CVE-2018-16062

dwarf_getaranges in dwarf_getaranges.c in libdw allowed a denial of
service (heap-based buffer over-read) via a crafted file.

CVE-2018-16402

libelf/elf_end.c allowed a denial of service (double free and
application crash) because it tried to decompress twice.

CVE-2018-18310

An invalid memory address dereference in libdwfl allowed a denial of
service (application crash) via a crafted file.

CVE-2018-18520

A use-after-free in recursive ELF ar files allowed a denial of
service (application crash) via a crafted file.

CVE-2018-18521

A divide-by-zero in arlib_add_symbols() allowed a denial of service
(application crash) via a crafted file.

CVE-2019-7150

A segmentation fault could occur due to dwfl_segment_report_module()
not checking whether the dyn data read from a core file is truncated.

CVE-2019-7665

A missing check that NT_PLATFORM core notes contain a zero-terminated
string allowed a denial of service (application crash) via a crafted file.
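
The last two entries are both cases of core-file data being used without a length or terminator check. As an added example (not elfutils code and not part of the advisory), the C routine below validates a note segment before use, rejecting truncated notes and any NT_PLATFORM description with no NUL inside its declared size. All names except NT_PLATFORM are hypothetical, note headers are assumed host-endian, and the sample note is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NT_PLATFORM 5                 /* note type value from <elf.h> */
#define ALIGN4(n) (((size_t)(n) + 3u) & ~(size_t)3u)

/* Result names are hypothetical, chosen for this example. */
enum { NOTE_OK = 0, NOTE_TRUNCATED = -1, NOTE_UNTERMINATED = -2 };

/* Validate a note segment before any consumer touches it. Each note is
   namesz, descsz, type (32-bit, host endian here), then name and desc,
   each padded to 4 bytes. */
int check_core_notes(const unsigned char *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        uint32_t hdr[3];
        if (len - off < sizeof hdr)
            return NOTE_TRUNCATED;            /* header cut short */
        memcpy(hdr, buf + off, sizeof hdr);
        off += sizeof hdr;
        if (ALIGN4(hdr[0]) < hdr[0] || ALIGN4(hdr[0]) > len - off)
            return NOTE_TRUNCATED;            /* name runs past the data */
        off += ALIGN4(hdr[0]);
        if (hdr[1] > len - off)
            return NOTE_TRUNCATED;            /* desc runs past the data */
        /* Search only the descsz bytes the note owns: padding or the
           next note must not stand in for a missing terminator. */
        if (hdr[2] == NT_PLATFORM && !memchr(buf + off, '\0', hdr[1]))
            return NOTE_UNTERMINATED;
        off += ALIGN4(hdr[1]) <= len - off ? ALIGN4(hdr[1]) : len - off;
    }
    return NOTE_OK;
}

/* Constructed sample: one "CORE"/NT_PLATFORM note whose desc is the first
   descsz bytes (at most 7) of "x86_64\0", checked with `cut` bytes removed. */
int check_sample(uint32_t descsz, size_t cut)
{
    unsigned char buf[32] = {0};
    if (descsz > 7) descsz = 7;
    uint32_t hdr[3] = { 5, descsz, NT_PLATFORM };   /* namesz 5 = "CORE\0" */
    memcpy(buf, hdr, sizeof hdr);
    memcpy(buf + 12, "CORE", 5);
    memcpy(buf + 20, "x86_64", descsz);
    return check_core_notes(buf, 20 + ALIGN4(descsz) - cut);
}
```

With a `descsz` of 6 the zero padding after the string is still present in the buffer, but the check ignores it because it lies outside the note's declared description.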

Severity: critical

Package: elfutils
Version: 0.168-1+deb9u1
CVE ID: CVE-2018-16062 CVE-2018-16402 CVE-2018-18310 CVE-2018-18520
Debian Bug: 907562 911083 911413 911414 920909 921880
