PT-2019-1678 · Red Hat+5 · Elfutils+6

Wcventure · Published 2019-01-12 · Updated 2023-08-30 · CVE-2019-7665

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: elfutils version 0.175

Description: A heap-based buffer over-read was discovered in the elf32_xlatetom function in libelf. The issue can be triggered by a crafted ELF input, causing a segmentation fault that leads to a denial of service (program crash). The root cause is that ebl_core_note does not reject malformed core file notes.

Recommendations: For elfutils version 0.175, consider disabling the elf32_xlatetom function as a temporary workaround until a patch is available, to prevent potential exploitation. Restrict access to malformed ELF files to minimize the risk of a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Tags: Exploit · DoS · Buffer Overflow · Out-of-bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1249
BDU:2019-01240
CESA-2019:2197
CESA-2019:3575
CVE-2019-7665
DLA-1689-1
DLA-2802-1
MGASA-2019-0222
OPENSUSE-SU-2019:1590-1
OPENSUSE-SU-2022:2614-1
RHSA-2019:2197
RHSA-2019:3575
SUSE-SU-2019:1486-1
SUSE-SU-2019:1733-1
SUSE-SU-2022:2614-1
SUSE-SU-2022:2614-2
USN-4012-1
USN-6322-1

Affected Products

Alt Linux
Centos
Linuxmint
Red Hat
Suse
Ubuntu
Elfutils