Main Vulnerability Database Vulnerabilities #VU17697

#VU17697 Memory corruption in elfutils - CVE-2019-7664

Published: February 14, 2019

Vulnerability identifier: #VU17697

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2019-7664

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
elfutils

Software vendor:
Sourceware

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to improper overflow checks by the elf_cvt_note function, as defined in the libelf/note_xlate.h source code file . A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the affected application to crash, resulting in a DoS condition.

Remediation

Install updates from vendor's website.

External links

https://sourceware.org/bugzilla/show_bug.cgi?id=24084