PT-2018-3629 · Red Hat+5 · Elfutils+6

Wcventure · Published 2018-10-17 · Updated 2023-08-30 · CVE-2018-18520

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

elfutils versions through 0.174

Description

The issue is an invalid memory address dereference in the elf_end function in the libelf library of the elfutils package. It occurs because the handle_ar function in size.c closes the outer ar file before handling all inner entries, which is incorrect given that eu-size is intended to support ar files inside ar files. Attackers can exploit this with a crafted ELF file to cause a denial of service (application crash).

Recommendations

For versions through 0.174, consider updating to a version that fixes the issue with the elf_end function in the libelf library to prevent the denial of service vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2658
BDU:2021-01428
CESA-2019_2197
CVE-2018-18520
DLA-1689-1
DLA-2802-1
MGASA-2019-0222
OPENSUSE-SU-2019:1590-1
OPENSUSE-SU-2019_1590-1
OPENSUSE-SU-2022_2614-1
RHSA-2019:2197
RHSA-2019_2197
SUSE-SU-2019:1486-1
SUSE-SU-2019:1733-1
SUSE-SU-2019_1486-1
SUSE-SU-2022:2614-1
SUSE-SU-2022:2614-2
USN-4012-1
USN-6322-1

Affected Products

Alt Linux
CentOS
Linux Mint
Red Hat
SUSE
Ubuntu
Elfutils