Mark Wielaard

**Name of the Vulnerable Software and Affected Versions** elfutils version 0.175 **Description** A heap-based buffer over-read was discovered in the `read srclines` function in `dwarf getsrclines.c` in `libdw` in `elfutils`. This issue can be exploited by a crafted input, causing segmentation faults and leading to a denial-of-service (DoS). The vulnerability can be triggered by a specially prepared ELF file. **Recommendations** For elfutils version 0.175, consider applying a patch to fix the `read srclines` function in `dwarf getsrclines.c` to prevent the buffer over-read. As a temporary workaround, restrict the use of the `eu-nm` tool with untrusted ELF files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** elfutils versions 0.174 **Description** The issue is related to the function `read long names()` in the elfutils utility for modifying and analyzing ELF binary files. It involves excessive memory allocation, which can be exploited by remote attackers to cause a denial-of-service via crafted ELF input, leading to an out-of-memory exception. **Recommendations** For elfutils version 0.174, consider setting ASAN OPTIONS=allocator may return null=1 to mitigate the risk of out-of-memory exceptions, as the maintainers suggest this may prevent the issue from occurring.