Filtered by vendor Elfutils Project
Subscriptions
Total
26 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-7148 | 1 Elfutils Project | 1 Elfutils | 2024-08-04 | N/A |
An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens." | ||||
CVE-2019-7146 | 2 Elfutils Project, Redhat | 2 Elfutils, Enterprise Linux | 2024-08-04 | N/A |
In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf. | ||||
CVE-2019-7150 | 5 Canonical, Debian, Elfutils Project and 2 more | 12 Ubuntu Linux, Debian Linux, Elfutils and 9 more | 2024-08-04 | 5.5 Medium |
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack. | ||||
CVE-2019-7149 | 3 Debian, Elfutils Project, Redhat | 4 Debian Linux, Elfutils, Ansible Tower and 1 more | 2024-08-04 | N/A |
A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm. | ||||
CVE-2020-21047 | 1 Elfutils Project | 1 Elfutils | 2024-08-04 | 5.5 Medium |
The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks. | ||||
CVE-2021-33294 | 1 Elfutils Project | 1 Elfutils | 2024-08-03 | 5.5 Medium |
In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file. |