PT-2019-6429 · Red Hat+3 · Elfutils+3
Leftcopy.Chx
·
Published
2019-10-06
·
Updated
2023-09-23
·
CVE-2020-21047
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
elfutils version 0.177
Description
A denial-of-service vulnerability in the libcpu component of elfutils: an out-of-bounds write, an off-by-one error, and a reachable assertion cause application crashes. Attackers can trigger these with crafted ELF files because bounds checks are missing.
Recommendations
For elfutils version 0.177, consider updating to a newer version that addresses the out-of-bounds write, off-by-one error, and reachable assertion issues to prevent application crashes and potential denial-of-service attacks. As a temporary workaround, restrict the use of specially crafted ELF files that could exploit the vulnerability.
Fix
DoS
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linuxmint
Ubuntu
Elfutils