CVE-2018-16403

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions elfutils version 0.173

Description The issue is related to incorrect checking of the end of the attributes list in the libdw library of the elfutils package, specifically in the dwarf getabbrev function in dwarf getabbrev.c and the dwarf hasattr function in dwarf hasattr.c. This can lead to a heap-based buffer over-read and cause an application crash. Exploitation of this issue may allow a remote attacker to cause a denial of service.

Recommendations For elfutils version 0.173, consider updating to a newer version that includes a fix for this issue, as the current version is affected by the incorrect checking of the attributes list end, which can cause a heap-based buffer over-read. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2018-2328

BDU:2021-01386

CESA-2019_2197

CVE-2018-16403

MGASA-2019-0222

OPENSUSE-SU-2019:1590-1

OPENSUSE-SU-2019_1590-1

OPENSUSE-SU-2022_2614-1

RHSA-2019:2197

RHSA-2019_2197

SUSE-SU-2019:1486-1

SUSE-SU-2019:1733-1

SUSE-SU-2019_1486-1

SUSE-SU-2022:2614-1

SUSE-SU-2022:2614-2

USN-4012-1

USN-6322-1

Affected Products

Alt Linux

Centos

Linuxmint

Red Hat

Suse

Ubuntu

Elfutils

CVE-2018-16403

Weakness Enumeration

Related Identifiers

Affected Products

References · 173