This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Elfutils Project First view 2014-04-11
Product Elfutils Last view 2019-02-09
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:elfutils_project:elfutils:0.168:*:*:*:*:*:*:* 10
cpe:2.3:a:elfutils_project:elfutils:0.154:*:*:*:*:*:*:* 6
cpe:2.3:a:elfutils_project:elfutils:0.153:*:*:*:*:*:*:* 6
cpe:2.3:a:elfutils_project:elfutils:0.156:*:*:*:*:*:*:* 6
cpe:2.3:a:elfutils_project:elfutils:0.155:*:*:*:*:*:*:* 6
cpe:2.3:a:elfutils_project:elfutils:0.157:*:*:*:*:*:*:* 6
cpe:2.3:a:elfutils_project:elfutils:0.158:*:*:*:*:*:*:* 6
cpe:2.3:a:elfutils_project:elfutils:0.161:*:*:*:*:*:*:* 6
cpe:2.3:a:elfutils_project:elfutils:0.152:*:*:*:*:*:*:* 6
cpe:2.3:a:elfutils_project:elfutils:0.167:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.123:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.124:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.125:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.126:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.127:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.128:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.129:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.130:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.131:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.132:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.133:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.134:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.135:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.137:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.138:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.139:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.140:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.141:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.142:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.143:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.144:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.145:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.146:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.147:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.148:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.149:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.150:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.151:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.173:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.164:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.165:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.166:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.175:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:*:*:*:*:*:*:*:* 5
cpe:2.3:a:elfutils_project:elfutils:0.170:*:*:*:*:*:*:* 4
cpe:2.3:a:elfutils_project:elfutils:0.174:*:*:*:*:*:*:* 4
cpe:2.3:a:elfutils_project:elfutils:0.169:*:*:*:*:*:*:* 3
cpe:2.3:a:elfutils_project:elfutils:0.171:*:*:*:*:*:*:* 3
cpe:2.3:a:elfutils_project:elfutils:0.172:*:*:*:*:*:*:* 3

Related : CVE

  Date Alert Description
5.5 2019-02-09 CVE-2019-7665

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.

5.5 2019-02-09 CVE-2019-7664

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).

5.5 2019-01-28 CVE-2019-7150

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.

6.5 2019-01-28 CVE-2019-7149

A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.

6.5 2019-01-28 CVE-2019-7148

An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens."

5.5 2019-01-28 CVE-2019-7146

In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.

5.5 2018-10-19 CVE-2018-18521

Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.

6.5 2018-10-19 CVE-2018-18520

An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.

5.5 2018-10-14 CVE-2018-18310

An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.

5.5 2018-09-03 CVE-2018-16403

libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.

9.8 2018-09-03 CVE-2018-16402

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.

5.5 2018-08-28 CVE-2018-16062

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

7.8 2018-03-18 CVE-2018-8769

elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.

5.5 2017-04-09 CVE-2017-7613

elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

5.5 2017-04-09 CVE-2017-7612

The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

5.5 2017-04-09 CVE-2017-7611

The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

5.5 2017-04-09 CVE-2017-7610

The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

5.5 2017-04-09 CVE-2017-7609

elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

5.5 2017-04-09 CVE-2017-7608

The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

5.5 2017-04-09 CVE-2017-7607

The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

5.5 2017-03-23 CVE-2016-10255

The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.

5.5 2017-03-23 CVE-2016-10254

The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.

6.4 2015-01-02 CVE-2014-9447

Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.

6.8 2014-04-11 CVE-2014-0172

Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.

CWE : Common Weakness Enumeration

%idName
50% (12) CWE-125 Out-of-bounds Read
16% (4) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (2) CWE-20 Improper Input Validation
4% (1) CWE-787 Out-of-bounds Write
4% (1) CWE-770 Allocation of Resources Without Limits or Throttling
4% (1) CWE-415 Double Free
4% (1) CWE-369 Divide By Zero
4% (1) CWE-189 Numeric Errors
4% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:24740 USN-2188-1 -- elfutils vulnerability

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-f91531043d.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-cb25ae4b94.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-91382c7bd3.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-32c8599fe1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-1eec1f0d17.nasl - Type: ACT_GATHER_INFO
2017-10-16 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201710-10.nasl - Type: ACT_GATHER_INFO
2017-08-08 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1143.nasl - Type: ACT_GATHER_INFO
2017-08-08 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1142.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-a6f5c8fbf3.nasl - Type: ACT_GATHER_INFO
2017-05-16 Name: The remote Fedora host is missing a security update.
File: fedora_2017-5e4fb05a0a.nasl - Type: ACT_GATHER_INFO
2016-12-13 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201612-32.nasl - Type: ACT_GATHER_INFO
2015-03-30 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2015-104.nasl - Type: ACT_GATHER_INFO
2015-03-06 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_elfutils-150218.nasl - Type: ACT_GATHER_INFO
2015-02-13 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2015-047.nasl - Type: ACT_GATHER_INFO
2015-01-26 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-59.nasl - Type: ACT_GATHER_INFO
2015-01-23 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2482-1.nasl - Type: ACT_GATHER_INFO
2015-01-21 Name: The remote Fedora host is missing a security update.
File: fedora_2015-0677.nasl - Type: ACT_GATHER_INFO
2015-01-20 Name: The remote Fedora host is missing a security update.
File: fedora_2015-0692.nasl - Type: ACT_GATHER_INFO
2014-10-12 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2014-345.nasl - Type: ACT_GATHER_INFO
2014-08-12 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-491.nasl - Type: ACT_GATHER_INFO
2014-05-01 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2188-1.nasl - Type: ACT_GATHER_INFO
2014-04-30 Name: The remote Fedora host is missing a security update.
File: fedora_2014-5031.nasl - Type: ACT_GATHER_INFO
2014-04-21 Name: The remote Fedora host is missing a security update.
File: fedora_2014-5015.nasl - Type: ACT_GATHER_INFO