PT-2019-1674 · Red Hat+2 · Elfutils+2

Mark Wielaard · Published 2018-11-16 · Updated 2022-08-01 · CVE-2019-7148

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: elfutils version 0.174

Description: The issue is in the function read_long_names() in elfutils, the utility for modifying and analyzing ELF binary files. The function can attempt an excessive memory allocation, which remote attackers can exploit to cause a denial of service via crafted ELF input, leading to an out-of-memory exception.

Recommendations: For elfutils version 0.174, consider setting ASAN_OPTIONS=allocator_may_return_null=1 to mitigate the risk of out-of-memory exceptions, as the maintainers suggest this may prevent the issue from occurring.

Exploit

Fix

DoS

Buffer Overflow

Allocation of Resources Without Limits

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2658
ALT-PU-2019-1249
BDU:2019-01236
CVE-2019-7148
OPENSUSE-SU-2022_2614-1
SUSE-SU-2022:2614-1
SUSE-SU-2022:2614-2

Affected Products

ALT Linux
SUSE
Elfutils