Lucene search

[email protected]CVE-2020-21047

HistoryAug 22, 2023 - 7:16 p.m.

CVE-2020-21047

2023-08-2219:16:09

CWE-787

[email protected]

web.nvd.nist.gov

cve-2020-21047

nvd

libcpu

elfutils

denial-of-service

cwe-787

cwe-193

cwe-617

out-of-bounds write

off-by-one error

reachable assertion

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.

Affected configurations

NVD

Node

elfutils_projectelfutilsMatch0.177

CPENameOperatorVersion
elfutils_project:elfutilselfutils project elfutilseq0.177

CPE	Name	Operator	Version
elfutils_project:elfutils	elfutils project elfutils	eq	0.177

References

lists.debian.org/debian-lts-announce/2023/09/msg00026.html

sourceware.org/bugzilla/show_bug.cgi?id=25068

sourceware.org/git/?p=elfutils.git%3Ba=commitdiff%3Bh=99dc63b10b3878616b85df2dfd2e4e7103e414b8

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

Related for CVE-2020-21047

nessus3 openvas2 osv3 debiancve1 nvd1 prion1 amazon1 cvelist1 debian1 ubuntucve1 ibm1 photon1 ubuntu1 ics1