Note:
This project will be discontinued after December 13, 2021. [more]
2018-10-15
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.
| Products | Ubuntu_linux, Debian_linux, Elfutils, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation |
| Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://usn.ubuntu.com/4012-1/
• https://sourceware.org/bugzilla/show_bug.cgi?id=23752 • https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html • https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html • https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html |