Lucene search

K

Veracode Vulnerability DatabaseVERACODE:27171

HistorySep 21, 2020 - 6:39 a.m.

Denial Of Service (DoS)

2020-09-2106:39:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

elfutils is vulnerable to denial of service. The allocate_elf function in common.h allows remote attackers to crash the application via a malicious ELF file, which would trigger a memory allocation failure.

CPENameOperatorVersion
elfutils:xenialeq0.165-3ubuntu1
elfutils:trustyeq0.158-0ubuntu5
elfutils:xenialeq0.165-3ubuntu1
elfutils:trustyeq0.158-0ubuntu5

References

www.openwall.com/lists/oss-security/2017/03/22/2

blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/

lists.fedorahosted.org/archives/list/[email protected]/message/EJWVY7TMRDEMWPAPNVU3V4MZYG5HANF2/

security.gentoo.org/glsa/201710-10

usn.ubuntu.com/3670-1/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

Related for VERACODE:27171

nessus5 debiancve1 osv1 ubuntucve1 cve1 redhatcve1 openvas5 prion1 mageia1 ubuntu1 gentoo1 ibm1