Denial Of Service (DoS)

elfutils is vulnerable to denial of service DoS. The attack is due to divide-by-zero error in the function arlibaddsymbols in arlib.c...

Denial Of Service (DoS)

elfutils is vulnerable to denial of service DoS attack. The attack is due to a heap-based buffer over-read occured in the function readsrclines in dwarfgetsrclines.c in libdw in elfutils when an attacker passes a malicious input file...

Denial Of Service (DoS)

elfutils is vulnerable to denial of service DoS. A failure to check the dyn data read by the dwflsegmentreportmodule causes a segmentation fault in elf64xlatetom in libelf/elf32xlatetom.c...

Buffer Over-Read

The elfutils package is vulnerable to heap-based buffer over-read in libdw/dwarfgetaranges.c:dwarfgetaranges through a malicious file...

elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file

An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarfgetaranges in dwarfgetaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a...

elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash

libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarfgetabbrev in dwarfgetabbrev.c and dwarfhasattr in dwarfhasattr.c, leading to a heap-based buffer over-read and an application crash...

elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl

An invalid memory address dereference was discovered in dwflsegmentreportmodule.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service application crash with a crafted ELF file, as demonstrated by considernotes...

elfutils: eu-size cannot handle recursive ar files

An Invalid Memory Address Dereference exists in the function elfend in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handlear in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a...

elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c

Divide-by-zero vulnerabilities in the function arlibaddsymbols in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service application crash with a crafted ELF file, as demonstrated by eu-ranlib, because a zero shentsize is mishandled...

elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw

A heap-based buffer over-read was discovered in the function readsrclines in dwarfgetsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm...

elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64xlatetom in libelf/elf32xlatetom.c, due to dwflsegmentreportmodule not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to...

elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h

In elfutils 0.175, a negative-sized memcpy is attempted in elfcvtnote in libelf/notexlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service program crash...

elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32xlatetom in elf32xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service program crash because eblcorenote does not reject malformed core file notes...

Photon OS 2.0: Elfutils PHSA-2019-2.0-0164

An update of the elfutils package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0164. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 1.0: Elfutils PHSA-2019-1.0-0239

An update of the elfutils package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0239. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 3.0: Elfutils PHSA-2019-3.0-0015

An update of the elfutils package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0015. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid126111;...

openSUSE Security Update : elfutils (openSUSE-2019-1590)

This update for elfutils fixes the following issues : Security issues fixed : - CVE-2017-7607: Fixed a heap-based buffer overflow in handlegnuhash bsc1033084 - CVE-2017-7608: Fixed a heap-based buffer overflow in eblobjectnotetypename bsc1033085 - CVE-2017-7609: Fixed a memory allocation failure ...

Critical Photon OS Security Update - PHSA-2019-3.0-0021

Updates of 'linux-secure', 'linux', 'linux-aws', 'elfutils', 'linux-esx', 'python2' packages of Photon OS have been released...

openSUSE: Security Advisory for elfutils (openSUSE-SU-2019:1590-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Critical Photon OS Security Update - PHSA-2019-0021

Updates of 'python2', 'elfutils', 'linux-esx', 'linux', 'linux-secure', 'linux-aws' packages of Photon OS have been released...