This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Elfutils Project First view 2015-01-02
Product Elfutils Last view 2018-10-19
Version 0.161 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:elfutils_project:elfutils

Activity : Overall

Related : CVE

  Date Alert Description
6.5 2018-10-19 CVE-2018-18520

An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.

5.5 2018-10-14 CVE-2018-18310

An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.

5.5 2018-08-28 CVE-2018-16062

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

5.5 2017-03-23 CVE-2016-10255

The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.

5.5 2017-03-23 CVE-2016-10254

The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.

6.4 2015-01-02 CVE-2014-9447

Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.

CWE : Common Weakness Enumeration

%idName
66% (4) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
16% (1) CWE-125 Out-of-bounds Read
16% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-1eec1f0d17.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-32c8599fe1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-91382c7bd3.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-cb25ae4b94.nasl - Type: ACT_GATHER_INFO
2017-10-16 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201710-10.nasl - Type: ACT_GATHER_INFO
2017-08-08 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1142.nasl - Type: ACT_GATHER_INFO
2017-08-08 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1143.nasl - Type: ACT_GATHER_INFO
2015-03-30 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2015-104.nasl - Type: ACT_GATHER_INFO
2015-03-06 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_elfutils-150218.nasl - Type: ACT_GATHER_INFO
2015-02-13 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2015-047.nasl - Type: ACT_GATHER_INFO
2015-01-26 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-59.nasl - Type: ACT_GATHER_INFO
2015-01-23 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2482-1.nasl - Type: ACT_GATHER_INFO
2015-01-21 Name: The remote Fedora host is missing a security update.
File: fedora_2015-0677.nasl - Type: ACT_GATHER_INFO
2015-01-20 Name: The remote Fedora host is missing a security update.
File: fedora_2015-0692.nasl - Type: ACT_GATHER_INFO