PT-2017-17838 · Red Hat +3 · Elfutils +3

🗓️ 09 Apr 2017 00:00:00Reported by Positive TechnologiesType

Remote attackers can crash elfutils 0.168 via crafted ELF by exploiting the handle gnu hash in readelf.c.

Reporter	Title	Published	Views	Family All 518
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs	29 Apr 202502:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows	25 Feb 201920:40	–	ibm
Tenable Nessus	Amazon Linux 2 : elfutils (ALAS-2019-1337)	25 Oct 201900:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0041: elfutils (ALINUX3-SA-2022:0041)	14 May 202500:00	–	nessus
Tenable Nessus	CentOS 8 : elfutils (CESA-2019:3575)	29 Jan 202100:00	–	nessus
Tenable Nessus	CentOS 7 : elfutils (CESA-2019:2197)	30 Aug 201900:00	–	nessus
Tenable Nessus	Debian DLA-1689-1 : elfutils security update	26 Feb 201900:00	–	nessus
Tenable Nessus	Debian DLA-2802-1 : elfutils - LTS security update	31 Oct 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP1 : elfutils (EulerOS-SA-2017-1142)	8 Aug 201700:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : elfutils (EulerOS-SA-2017-1143)	8 Aug 201700:00	–	nessus

Source	Link
blogs	www.blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c
osv	www.osv.dev/vulnerability/SUSE-SU-2022:2614-2
ubuntu	www.ubuntu.com/security/CVE-2017-7612
bdu	www.bdu.fstec.ru/vul/2019-01631
errata	www.errata.altlinux.org/ALT-PU-2017-2003
ubuntu	www.ubuntu.com/security/CVE-2017-7613
osv	www.osv.dev/vulnerability/SUSE-SU-2022:2614-1
osv	www.osv.dev/vulnerability/USN-3670-1
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-7607
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

01 Aug 2022 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.15.5 - 9.8

CVSS 27.5

CVSS 36.5

EPSS0.01961