Multiple vulnerabilities in Sourceware elfutils
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-16402 CVE-2018-16403 |
| CWE-ID | CWE-415 CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
elfutils Server applications / File servers (FTP/HTTP) |
| Vendor | Sourceware |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Double Free
EUVDB-ID: #VU36733
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-16402
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
MitigationInstall update from vendor's website.
Vulnerable software versionselfutils: 0.173
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
https://access.redhat.com/errata/RHSA-2019:2197
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
https://sourceware.org/bugzilla/show_bug.cgi?id=23528
https://usn.ubuntu.com/4012-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU36734
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-16403
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.
MitigationInstall update from vendor's website.
Vulnerable software versionselfutils: 0.173
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
https://access.redhat.com/errata/RHSA-2019:2197
https://sourceware.org/bugzilla/show_bug.cgi?id=23529
https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda
https://usn.ubuntu.com/4012-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
