PT-2019-1674 · Red Hat+2 · Elfutils+2

Mark Wielaard · Published 2018-11-16 · Updated 2022-08-01 · CVE-2019-7148

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

elfutils version 0.174

Description

The issue is in the function read_long_names() in the elfutils utility for modifying and analyzing ELF binary files. It involves excessive memory allocation, which remote attackers can exploit to cause a denial of service via crafted ELF input, leading to an out-of-memory exception.

Recommendations

For elfutils version 0.174, consider setting ASAN_OPTIONS=allocator_may_return_null=1 to mitigate the risk of out-of-memory exceptions, as the maintainers suggest this may prevent the issue from occurring.

Exploit

Fix

DoS

Buffer Overflow

Allocation of Resources Without Limits

Resource Exhaustion


Weakness Enumeration

Related identifiers

ALT-PU-2018-2658
ALT-PU-2019-1249
BDU:2019-01236
CVE-2019-7148
OPENSUSE-SU-2022_2614-1
SUSE-SU-2022:2614-1
SUSE-SU-2022:2614-2

Affected products

Alt Linux
Suse
Elfutils