elfutils is vulnerable to denial of service (DoS). A memory allocation failure can be triggered through the `sh_off` or `sh_size` ELF header value, via the `__libelf_set_rawdata_wrlock` function in `elf_getdata.c`.

Name | Operator | Version |
---|---|---|
elfutils:trusty | eq | 0.158-0ubuntu5 |
elfutils:xenial | eq | 0.165-3ubuntu1 |

www.openwall.com/lists/oss-security/2017/03/22/1
blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/
bugzilla.redhat.com/show_bug.cgi?id=1387584
lists.fedorahosted.org/archives/list/[email protected]/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/
security.gentoo.org/glsa/201710-10
usn.ubuntu.com/3670-1/