Main Vulnerability Database SB2017042609

SB2017042609 - Heap-based buffer overflow in elfutils (Alpine package)

Published: April 26, 2017

Security Bulletin ID SB2017042609

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Heap-based buffer overflow (CVE-ID: CVE-2017-7608)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the ebl_object_note_type_name function of elfutils due to heap-based buffer overflow when handling Executable and Linkable Format (ELF) files by the ebl_object_note_type_namefunction, as defined in the eblobjnotetypename.c source code file. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.

Remediation

Install update from vendor's website.

SB2017042609 - Heap-based buffer overflow in elfutils (Alpine package)

Breakdown by Severity

Description

Remediation

References