Denial of service in elfutils
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2016-10254 CVE-2017-7609 CVE-2017-7608 CVE-2017-7607 CVE-2016-10255 CVE-2017-7613 CVE-2017-7612 CVE-2017-7611 CVE-2017-7610 |
| CWE-ID | CWE-119 CWE-122 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #9 is available. |
| Vulnerable software Subscribe |
elfutils Server applications / File servers (FTP/HTTP) |
| Vendor | Sourceware |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU13237
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-10254
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the allocate_elf function of elfutils due to boundary error when handling Executable and Linkable Format (ELF) files by the allocate_elf function, as defined in the common.h source code file. A remote attacker can trick the victim into opening an ELF file that submits malicious input, trigger memory corruption and cause the application to crash.
MitigationUpdate to version 0.168.
Vulnerable software versionselfutils: 0.133 - 0.167
CPE2.3- cpe:2.3:a:sourceware:elfutils:0.167:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.166:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.165:*:*:*:*:*:*:*
http://sourceware.org/git/?p=elfutils.git&a=commit&h=191000fdedba3fafe4d5b8cddad3f3...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Memory corruption
EUVDB-ID: #VU13238
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-7609
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the elf_compress.c source code of elfutils due to improper validation of the zlib compression factor before the affected software allocates the output buffer. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.
MitigationUpdate to version 0.169.
Vulnerable software versionselfutils: 0.133 - 0.168
CPE2.3- cpe:2.3:a:sourceware:elfutils:0.167:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.166:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.165:*:*:*:*:*:*:*
http://sourceware.org/bugzilla/show_bug.cgi?id=21301
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Heap-based buffer overflow
EUVDB-ID: #VU13239
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-7608
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the ebl_object_note_type_name function of elfutils due to heap-based buffer overflow when handling Executable and Linkable Format (ELF) files by the ebl_object_note_type_namefunction, as defined in the eblobjnotetypename.c source code file. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.
MitigationUpdate to version 0.169.
Vulnerable software versionselfutils: 0.133 - 0.168
CPE2.3- cpe:2.3:a:sourceware:elfutils:0.167:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.166:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.165:*:*:*:*:*:*:*
http://sourceware.org/bugzilla/show_bug.cgi?id=21300
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Heap-based buffer overflow
EUVDB-ID: #VU13240
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-7607
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the handle_gnu_hash function of elfutils due to heap-based buffer overflow when handling of Executable and Linkable Format (ELF) files by the handle_gnu_hash function, as defined in the readelf.c source code file. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.
MitigationUpdate to version 0.169.
Vulnerable software versionselfutils: 0.133 - 0.168
CPE2.3- cpe:2.3:a:sourceware:elfutils:0.167:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.166:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.165:*:*:*:*:*:*:*
http://sourceware.org/bugzilla/show_bug.cgi?id=21299
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Memory corruption
EUVDB-ID: #VU13241
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-10255
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the __libelf_set_rawdata_wrlock function of elfutils due to boundary error when hhandling of sh_off and sh_size Executable and Linkable Format (ELF) header values by the __libelf_set_rawdata_wrlock function, as defined in the elf_getdata.c source code file. A remote attacker can trick the victim into opening an ELF file that submits malicious sh_off or sh_size ELF header values, trigger memory corruption and cause the application to crash.
MitigationUpdate to version 0.168.
Vulnerable software versionselfutils: 0.133 - 0.167
CPE2.3- cpe:2.3:a:sourceware:elfutils:0.167:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.166:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.165:*:*:*:*:*:*:*
http://sourceware.org/git/?p=elfutils.git&a=commit&h=09ec02ec7f7e6913d10943148e2a898264345b07
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Memory corruption
EUVDB-ID: #VU13242
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-7613
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the elflint.c source code of elfutils due to boundary error when sanitization checks of the number of eshnum sections and ephnum segments. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.
MitigationUpdate to version 0.169.
Vulnerable software versionselfutils: 0.133 - 0.168
CPE2.3- cpe:2.3:a:sourceware:elfutils:0.167:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.166:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.165:*:*:*:*:*:*:*
http://sourceware.org/bugzilla/show_bug.cgi?id=21312
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Heap-based buffer overflow
EUVDB-ID: #VU13243
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-7612
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the check_sysv_hash function of elfutils due to heap-based buffer overflow when handling of Executable and Linkable Format (ELF) files by the check_sysv_hash function, as defined in the elflint.c source code file. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.
MitigationUpdate to version 0.169.
Vulnerable software versionselfutils: 0.133 - 0.168
CPE2.3- cpe:2.3:a:sourceware:elfutils:0.167:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.166:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.165:*:*:*:*:*:*:*
http://sourceware.org/bugzilla/show_bug.cgi?id=21311
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Heap-based buffer overflow
EUVDB-ID: #VU13244
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-7611
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the check_symtab_shndx function of elfutils due to heap-based buffer overflow when handling of Executable and Linkable Format (ELF) files by the check_symtab_shndxfunction, as defined in the elflint.c source code file. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.
MitigationUpdate to version 0.169.
Vulnerable software versionselfutils: 0.133 - 0.168
CPE2.3- cpe:2.3:a:sourceware:elfutils:0.167:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.166:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.165:*:*:*:*:*:*:*
http://sourceware.org/bugzilla/show_bug.cgi?id=21310
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Heap-based buffer overflow
EUVDB-ID: #VU13245
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-7610
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the check_group function of elfutils due to heap-based buffer overflow when handling of Executable and Linkable Format (ELF) files by the check_group function, as defined in the elflint.c source code file. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.
MitigationUpdate to version 0.169.
Vulnerable software versionselfutils: 0.133 - 0.168
CPE2.3- cpe:2.3:a:sourceware:elfutils:0.167:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.166:*:*:*:*:*:*:*
- cpe:2.3:a:sourceware:elfutils:0.165:*:*:*:*:*:*:*
http://sourceware.org/bugzilla/show_bug.cgi?id=21320
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
