Code injection

2019-01-2900:29:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.8%

JSON

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.

CPENameOperatorVersion
ubuntu_linuxeq18.04
ubuntu_linuxeq18.10
ubuntu_linuxeq16.04
debian_linuxeq8.0
debian_linuxeq9.0
elfutilseq0.175
leapeq15.0
leapeq15.1
enterprise_linuxeq8.0
enterprise_linux_desktopeq7.0

Name	Operator	Version
ubuntu_linux	eq	18.04
ubuntu_linux	eq	18.10
ubuntu_linux	eq	16.04
debian_linux	eq	8.0
debian_linux	eq	9.0
elfutils	eq	0.175
leap	eq	15.0
leap	eq	15.1
enterprise_linux	eq	8.0
enterprise_linux_desktop	eq	7.0