Lucene search
Veracode Vulnerability DatabaseVERACODE:27099HistorySep 21, 2020 - 6:34 a.m.
Denial Of Service (DoS)
2020-09-2106:34:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
0.013 Low
EPSS
Percentile
85.7%
elfutils is vulnerable to denial of service (DoS). The vulnerability exists as it was possible to trigger a memory allocation failure through the sh_off or sh_size ELF header value, throough the __libelf_set_rawdata_wrlock function in elf_getdata.c.
| CPE | Name | Operator | Version |
|---|---|---|---|
| elfutils:trusty | eq | 0.158-0ubuntu5 | |
| elfutils:xenial | eq | 0.165-3ubuntu1 | |
| elfutils:trusty | eq | 0.158-0ubuntu5 | |
| elfutils:xenial | eq | 0.165-3ubuntu1 |
References
www.openwall.com/lists/oss-security/2017/03/22/1
blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/
bugzilla.redhat.com/show_bug.cgi?id=1387584
lists.fedorahosted.org/archives/list/[email protected]/thread/Q4LE47FPEVRZANMV6JE2NMHYO4H5MHGJ/
security.gentoo.org/glsa/201710-10
usn.ubuntu.com/3670-1/
Related
cve
cve
CVE-2016-10255
2017-03-23 16:59:00
prion
prion
Design/Logic Flaw
2017-03-23 16:59:00
debiancve
debiancve
CVE-2016-10255
2017-03-23 16:59:00
redhatcve
redhatcve
CVE-2016-10255
2017-08-02 20:49:48
cvelist
cvelist
CVE-2016-10255
2017-03-23 16:00:00
osv
osv
CVE-2016-10255
2017-03-23 16:59:00
nvd
nvd
CVE-2016-10255
2017-03-23 16:59:00
ubuntucve
ubuntucve
CVE-2016-10255
2017-03-23 00:00:00
gentoo
gentoo
elfutils: Multiple vulnerabilities
2017-10-13 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3670-1)
2018-06-06 00:00:00
Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2020-1190)
2020-03-13 00:00:00
Mageia: Security Advisory (MGASA-2018-0027)
2022-01-28 00:00:00
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : elfutils vulnerabilities (USN-3670-1)
2018-06-06 00:00:00
EulerOS Virtualization for ARM 64 3.0.2.0 : elfutils (EulerOS-SA-2020-1190)
2020-03-13 00:00:00
GLSA-201710-10 : elfutils: Multiple vulnerabilities
2017-10-16 00:00:00
ubuntu
ubuntu
elfutils vulnerabilities
2018-06-05 00:00:00
mageia
mageia
Updated elfutils packages fix security vulnerabilities
2018-01-03 13:32:10
ibm
ibm