PT-2019-1675 · Red Hat +5 · Elfutils +6

🗓️ 18 Jan 2019 00:00:00Reported by Positive TechnologiesType

Heap over-read in elfutils 0.175 may crash with crafted ELF files, causing a denial of service; patch recommended.

Reporter	Title	Published	Views	Family All 549
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs	29 Apr 202502:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows	25 Feb 201920:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM CICS TX Advanced is vulnerable to a Denial of Service (CVE-2021-33294 and CVE-2020-21047).	1 Feb 202414:18	–	ibm
Tenable Nessus	Amazon Linux 2 : elfutils (ALAS-2019-1337)	25 Oct 201900:00	–	nessus
Tenable Nessus	Amazon Linux 2 : elfutils (ALAS-2023-2197)	14 Aug 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : elfutils (ALAS-2023-2259)	20 Sep 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0041: elfutils (ALINUX3-SA-2022:0041)	14 May 202500:00	–	nessus
Tenable Nessus	CentOS 8 : elfutils (CESA-2019:3575)	29 Jan 202100:00	–	nessus
Tenable Nessus	CentOS 7 : elfutils (CESA-2019:2197)	30 Aug 201900:00	–	nessus
Tenable Nessus	Debian DLA-1689-1 : elfutils security update	26 Feb 201900:00	–	nessus

Source	Link
sourceware	www.sourceware.org/bugzilla/show_bug.cgi
bdu	www.bdu.fstec.ru/vul/2023-07670
osv	www.osv.dev/vulnerability/SUSE-SU-2022:2614-2
ubuntu	www.ubuntu.com/security/CVE-2019-7665
security-tracker	www.security-tracker.debian.org/tracker/source-package/elfutils
ubuntu	www.ubuntu.com/security/CVE-2018-18520
ubuntu	www.ubuntu.com/security/CVE-2020-21047
sourceware	www.sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html
bdu	www.bdu.fstec.ru/vul/2019-01631
ubuntu	www.ubuntu.com/security/notices/USN-4012-1

30 Aug 2023 00:00Current

5.7Medium risk

Vulners AI Score5.7

CVSS 27.5 - 7.8

CVSS 36.5

CVSS 3.19.8

EPSS0.01961

SSVC