#VU36733 Double Free in elfutils - CVE-2018-16402

Cybersecurity Help s.r.o.

Published: 2018-09-03 | Updated: 2020-08-08

Vulnerability identifier: #VU36733

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-16402

CWE-ID: CWE-415

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
elfutils
Server applications / File servers (FTP/HTTP)

Vendor: Sourceware

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.

Mitigation
Install update from vendor's website.

Vulnerable software versions

elfutils: 0.173

External links
https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
https://access.redhat.com/errata/RHSA-2019:2197
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
https://sourceware.org/bugzilla/show_bug.cgi?id=23528
https://usn.ubuntu.com/4012-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for dwarves and elfutils

Red Hat Enterprise Linux 7.6 Extended Update Support update for elfutils

Red Hat Enterprise Linux 7 update for elfutils

OpenSUSE Linux update for elfutils

Multiple vulnerabilities in Sourceware elfutils