PT-2017-3781 · Red Hat +3 · Elfutils +3

Name of the Vulnerable Software and Affected Versions: elfutils version 0.168 Description: The issue is related to insufficient validation of the number of sections and segments in ELF files, which can be exploited by a remote attacker to cause a denial of service, specifically memory consumption...

CVE-2016-10254

The allocateelf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service crash via a crafted ELF file, which triggers a memory allocation failure...

DEBIAN-CVE-2016-10255

The libelfsetrawdatawrlock function in elfgetdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service crash via a crafted 1 shoff or 2 shsize ELF header value, which triggers a memory allocation failure...

CVE-2016-10254

The allocateelf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service crash via a crafted ELF file, which triggers a memory allocation failure...

CVE-2016-10255

The libelfsetrawdatawrlock function in elfgetdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service crash via a crafted 1 shoff or 2 shsize ELF header value, which triggers a memory allocation failure...

DEBIAN-CVE-2016-10254

The allocateelf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service crash via a crafted ELF file, which triggers a memory allocation failure...

Design/Logic Flaw

The allocateelf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service crash via a crafted ELF file, which triggers a memory allocation failure...

CVE-2016-10255

The libelfsetrawdatawrlock function in elfgetdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service crash via a crafted 1 shoff or 2 shsize ELF header value, which triggers a memory allocation failure...

CVE-2016-10254

The allocateelf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service crash via a crafted ELF file, which triggers a memory allocation failure...

CVE-2016-10254

The allocateelf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service crash via a crafted ELF file, which triggers a memory allocation failure...

CVE-2016-10255

Elfutils: CVE-2016-10255 affects the __libelf_set_rawdata_wrlock path in elf_getdata.c, where crafted sh_off/sh_size ELF header values can trigger a memory allocation failure and crash. This corresponds to memory allocation issues that enable a Denial of Service via a crafted ELF file. Affected p...

CVE-2016-10255

The libelfsetrawdatawrlock function in elfgetdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service crash via a crafted 1 shoff or 2 shsize ELF header value, which triggers a memory allocation failure...

UBUNTU-CVE-2016-10255

The libelfsetrawdatawrlock function in elfgetdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service crash via a crafted 1 shoff or 2 shsize ELF header value, which triggers a memory allocation failure...

UBUNTU-CVE-2016-10254

The allocateelf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service crash via a crafted ELF file, which triggers a memory allocation failure...

CVE-2016-10255

The libelfsetrawdatawrlock function in elfgetdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service crash via a crafted 1 shoff or 2 shsize ELF header value, which triggers a memory allocation failure...

elfutils: Heap-based buffer overflow

Background Elfutils provides a library and utilities to access, modify and analyse ELF objects. Description An integer overflow, in the checksection function of dwarfbeginelf.c, in the libdw library can lead to a heap-based buffer overflow. Impact A remote attacker could entice a user to open a...

GLSA-201612-32 : elfutils: Heap-based buffer overflow

The remote host is affected by the vulnerability described in GLSA-201612-32 elfutils: Heap-based buffer overflow An integer overflow, in the checksection function of dwarfbeginelf.c, in the libdw library can lead to a heap-based buffer overflow. Impact : A remote attacker could entice a user to...

Low: Red Hat Enhancement Advisory: elfutils bug fix and enhancement update

Updated elfutils packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 7. The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. The elfutils packages have been...

elfutils: directory traversal in read_long_names()

Directory traversal vulnerability in the readlongnames function in libelf/elfbegin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / slash in a crafted archive, as demonstrated using the ar program...

Amazon Linux: Security Advisory (ALAS-2014-345)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...