Main Vulnerability Database Vulnerabilities #VU13237

#VU13237 Memory corruption in elfutils - CVE-2016-10254

Published: June 7, 2018 / Updated: June 8, 2018

Vulnerability identifier: #VU13237

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2016-10254

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
elfutils

Software vendor:
Sourceware

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the allocate_elf function of elfutils due to boundary error when handling Executable and Linkable Format (ELF) files by the allocate_elf function, as defined in the common.h source code file. A remote attacker can trick the victim into opening an ELF file that submits malicious input, trigger memory corruption and cause the application to crash.

Remediation

Update to version 0.168.

External links

https://sourceware.org/git/?p=elfutils.git&a=commit&h=191000fdedba3fafe4d5b8cddad3f3...

#VU13237 Memory corruption in elfutils - CVE-2016-10254

Description

Remediation

External links

Please verify you're human