An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P
Vendors Products
Redhat
  • Enterprise Linux
  • Enterprise Linux Server Aus
  • Enterprise Linux Server Tus
  • Enterprise Linux Desktop
  • Enterprise Linux Workstation
  • Enterprise Linux Server
  • Enterprise Linux Eus
Opensuse
  • Leap
Elfutils Project
  • Elfutils
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux

Configuration 1 [-]

cpe:2.3:a:elfutils_project:elfutils:0.175:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2197 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3575 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html Mailing List Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=24103 Issue Tracking Exploit Third Party Advisory
https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html Mailing List Patch Third Party Advisory
https://usn.ubuntu.com/4012-1/ Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-01-29T00:00:00

Updated: 2021-10-31T00:06:18

Reserved: 2019-01-28T00:00:00

Link: CVE-2019-7150

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2019-01-29T00:29:00.457

Modified: 2021-11-30T19:52:17.650

Link: CVE-2019-7150

JSON object: View

cve-icon Redhat Information

No data.

CWE