CVE-2020-24822

Name of the Vulnerable Software and Affected Versions Libelfin version 0.3

Description A vulnerability in the dwarf::cursor::uleb function allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. The issue is related to insufficient neutralization of special elements in a request, which can be exploited by a remote attacker to cause a denial of service using a specially crafted ELF file.

Recommendations For Libelfin version 0.3, consider disabling the dwarf::cursor::uleb function as a temporary workaround until a patch is available. Restrict access to the dwarf::cursor::uleb function to minimize the risk of exploitation. Avoid using specially crafted ELF files that can trigger the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.