Ubuntu update for elfutils



Published: 2023-08-31
Risk: Medium
Patch available: YES
Number of vulnerabilities: 10
CVE-ID: CVE-2018-16062, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7665, CVE-2020-21047, CVE-2021-33294
CWE-ID: CWE-125, CWE-20, CWE-476, CWE-369, CWE-787, CWE-835
Exploitation vector: Network
Public exploit: Public exploit code is available for vulnerabilities #3, #4, #5, #6, #7 and #8.
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

libelf1 (Ubuntu package)
Operating systems & Components / Operating system package or component

libdw1 (Ubuntu package)
Operating systems & Components / Operating system package or component

libasm1 (Ubuntu package)
Operating systems & Components / Operating system package or component

elfutils (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU31220

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16062

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18. A remote attacker can perform a denial of service (heap-based buffer over-read) via a crafted file.

Mitigation

Update the affected package elfutils to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 20.04

libelf1 (Ubuntu package): before Ubuntu Pro

libdw1 (Ubuntu package): before Ubuntu Pro

libasm1 (Ubuntu package): before Ubuntu Pro

elfutils (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6322-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU36734

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16403

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.

Mitigation

Update the affected package elfutils to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 20.04

libelf1 (Ubuntu package): before Ubuntu Pro

libdw1 (Ubuntu package): before Ubuntu Pro

libasm1 (Ubuntu package): before Ubuntu Pro

elfutils (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6322-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Segmentation fault

EUVDB-ID: #VU15371

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-18310

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists in the dwfl_segment_report_module.c source code file in the libdwfl library due to improper handling of Executable and Linkable Format (ELF) files. A local attacker can send an ELF file that submits malicious input, execute the eu-stack command, trigger a segmentation fault and cause the affected application to crash.

Mitigation

Update the affected package elfutils to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 20.04

libelf1 (Ubuntu package): before Ubuntu Pro

libdw1 (Ubuntu package): before Ubuntu Pro

libasm1 (Ubuntu package): before Ubuntu Pro

elfutils (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6322-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Null pointer dereference

EUVDB-ID: #VU15528

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-18520

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of Executable and Linkable Format (ELF) files by the elf_end function, as defined in the size.c source code file. A remote attacker can trick the victim into opening a specially crafted ELF file that submits malicious input, trigger a NULL pointer dereference and cause the application to crash.

Mitigation

Update the affected package elfutils to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 20.04

libelf1 (Ubuntu package): before Ubuntu Pro

libdw1 (Ubuntu package): before Ubuntu Pro

libasm1 (Ubuntu package): before Ubuntu Pro

elfutils (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6322-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Divide by zero

EUVDB-ID: #VU15527

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-18521

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of Executable and Linkable Format (ELF) files by the arlib_add_symbols function, as defined in the arlib.c source code file. A remote attacker can trick the victim into opening a specially crafted ELF file that submits malicious input, trigger a divide-by-zero condition and cause the application to crash.

Mitigation

Update the affected package elfutils to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 20.04

libelf1 (Ubuntu package): before Ubuntu Pro

libdw1 (Ubuntu package): before Ubuntu Pro

libasm1 (Ubuntu package): before Ubuntu Pro

elfutils (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6322-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Heap-based out-of-bounds read

EUVDB-ID: #VU17326

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-7149

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of Executable and Linkable Format (ELF) files by the read_srclines function, as defined in the dwarf_getsrclines.c source code file. A remote attacker can trick the victim into opening a specially crafted ELF file that submits malicious input, trigger a heap-based buffer over-read condition and cause the affected application to crash, resulting in a DoS condition.

Mitigation

Update the affected package elfutils to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 20.04

libelf1 (Ubuntu package): before Ubuntu Pro

libdw1 (Ubuntu package): before Ubuntu Pro

libasm1 (Ubuntu package): before Ubuntu Pro

elfutils (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6322-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Segmentation fault

EUVDB-ID: #VU17325

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-7150

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient sanitization of user-supplied input by the elf64_xlatetom function as defined in the libelf/elf32_xlatetom.c source code file. A remote attacker can trick the victim into opening a specially crafted file that submits malicious input, trigger a segmentation fault and cause the affected application to crash, resulting in a DoS condition.

Mitigation

Update the affected package elfutils to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 20.04

libelf1 (Ubuntu package): before Ubuntu Pro

libdw1 (Ubuntu package): before Ubuntu Pro

libasm1 (Ubuntu package): before Ubuntu Pro

elfutils (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6322-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Segmentation fault

EUVDB-ID: #VU17718

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-7665

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists in the ebl_core_note function due to an improper check of whether the value of an NT_PLATFORM core file note is a zero-terminated string. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger a segmentation fault that causes the affected application to crash, resulting in a DoS condition.
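
The class of check described above, as an added example (not elfutils code and not the upstream fix): a note-segment walker that accepts an NT_PLATFORM descriptor only when it is NUL-terminated within its declared size. The function name `safe_platform_string` is hypothetical, and note words are assumed to be in host byte order.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifndef NT_PLATFORM
#define NT_PLATFORM 5   /* same value as in <elf.h> */
#endif
#define ALIGN4(n) (((size_t)(n) + 3u) & ~(size_t)3u)

/* Hypothetical helper: walk the notes in buf[0..len) and return the
   NT_PLATFORM descriptor only if it lies inside the buffer and contains
   a NUL within n_descsz bytes. Returns NULL for anything else.
   Assumption: header words are stored in host byte order. */
const char *safe_platform_string(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (len - off >= 12) {            /* n_namesz, n_descsz, n_type */
        uint32_t namesz, descsz, type;
        memcpy(&namesz, buf + off, 4);
        memcpy(&descsz, buf + off + 4, 4);
        memcpy(&type, buf + off + 8, 4);
        off += 12;
        /* Reject a name or descriptor that would run past the segment. */
        if (namesz > len - off || ALIGN4(namesz) > len - off) return NULL;
        off += ALIGN4(namesz);
        if (descsz > len - off) return NULL;
        const uint8_t *desc = buf + off;
        if (type == NT_PLATFORM) {
            /* Only treat the descriptor as a C string if it terminates. */
            if (memchr(desc, '\0', descsz) == NULL) return NULL;
            return (const char *)desc;
        }
        if (ALIGN4(descsz) > len - off) return NULL;
        off += ALIGN4(descsz);
    }
    return NULL;
}

int main(void)
{
    /* Constructed sample: name "CORE", 6-byte descriptor with no NUL. */
    uint8_t note[28] = {0};
    uint32_t hdr[3] = {5, 6, NT_PLATFORM};
    memcpy(note, hdr, sizeof hdr);
    memcpy(note + 12, "CORE", 5);
    memcpy(note + 20, "x86_64", 6);
    printf("%s\n", safe_platform_string(note, sizeof note) ? "accepted" : "rejected");
    return 0;
}
```
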

Mitigation

Update the affected package elfutils to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 20.04

libelf1 (Ubuntu package): before Ubuntu Pro

libdw1 (Ubuntu package): before Ubuntu Pro

libasm1 (Ubuntu package): before Ubuntu Pro

elfutils (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6322-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Out-of-bounds write

EUVDB-ID: #VU80175

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-21047

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the libcpu component. A remote attacker can create a specially crafted file, trick the victim into opening it and perform a denial of service (DoS) attack.

Mitigation

Update the affected package elfutils to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 20.04

libelf1 (Ubuntu package): before Ubuntu Pro

libdw1 (Ubuntu package): before Ubuntu Pro

libasm1 (Ubuntu package): before Ubuntu Pro

elfutils (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6322-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Infinite loop

EUVDB-ID: #VU80176

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33294

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the handle_symtab() function in readelf.c. A remote attacker can consume all available system resources and trigger a denial of service condition.

Mitigation

Update the affected package elfutils to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 20.04

libelf1 (Ubuntu package): before Ubuntu Pro

libdw1 (Ubuntu package): before Ubuntu Pro

libasm1 (Ubuntu package): before Ubuntu Pro

elfutils (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6322-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


