SB2023101981 - VMware Tanzu products update for elfutils

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023101981

SB2023101981 - VMware Tanzu products update for elfutils

Published: October 19, 2023

Security Bulletin ID SB2023101981
Severity
Medium
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 20% Low 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2018-16062)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18. A remote attacker can perform a denial of service (heap-based buffer over-read) via a crafted file.


2) Out-of-bounds read (CVE-ID: CVE-2018-16403)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.


3) Segmentation fault (CVE-ID: CVE-2018-18310)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists in the dwfl_segment_report_module.c source code file in the libdwfl library due to improper handling of Executable and Linkable Format (ELF) files. A local attacker can send an ELF file that submits malicious input, execute the eu-stack command, trigger a segmentation fault and cause the affected application to crash.


4) Null pointer dereference (CVE-ID: CVE-2018-18520)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to due to improper handling of Executable and Linkable Format (ELF) files by the elf_end function, as defined in the size.c source code file. A remote attacker can trick the victim into opening a specially crafted ELF file that submits malicious input, trigger NULL pointer dereference and cause application to crash.


5) Divide by zero (CVE-ID: CVE-2018-18521)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to due to improper handling of Executable and Linkable Format (ELF) files by the arlib_add_symbols function, as defined in the arlib.c source code file. A remote attacker can trick the victim into opening a specially crafted ELF file that submits malicious input, trigger a divide-by-zero condition and cause application to crash.


6) Heap-based out-of-bounds read (CVE-ID: CVE-2019-7149)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of Executable and Linkable Format (ELF) files by the read_srclines function, as defined in the dwarf_getsrclines.c source code file. A remote attacker can trick the victim into opening a specially crafted an ELF file that submits malicious input, trigger a heap-based buffer over-read condition and cause the affected application to crash, resulting in a DoS condition.


7) Segmentation fault (CVE-ID: CVE-2019-7150)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient sanitization of user-supplied input by the elf64_xlatetom function as defined in the libelf/elf32_xlatetom.c source code file. A remote attacker can trick the victim into opening a specially crafted file that submits malicious input, trigger a segmentation fault and cause the affected application to crash, resulting in a DoS condition.


8) Segmentation fault (CVE-ID: CVE-2019-7665)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the ebl_core_note function due to improper check if the values of a NT_PLATFORM core file note is a zero-terminated string. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger a segmentation fault that causes the affected application to crash, resulting in a DoS condition. 


9) Out-of-bounds write (CVE-ID: CVE-2020-21047)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the libcpu component. A remote attacker can create a specially crafted file, trick the victim into opening it and perform a denial of service (DoS) attack.


10) Infinite loop (CVE-ID: CVE-2021-33294)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the handle_symtab() function in readelf.c. A remote attacker can consume all available system resources and trigger denial of service condition.


Remediation

Install update from vendor's website.

References