#VU36734 Out-of-bounds read in elfutils - CVE-2018-16403

Cybersecurity Help s.r.o.

Published: 2018-09-03 | Updated: 2020-08-08

Vulnerability identifier: #VU36734

Vulnerability risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-16403

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
elfutils
Server applications / File servers (FTP/HTTP)

Vendor: Sourceware

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.

Mitigation
Install update from vendor's website.

Vulnerable software versions

elfutils: 0.173

External links
https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
https://access.redhat.com/errata/RHSA-2019:2197
https://sourceware.org/bugzilla/show_bug.cgi?id=23529
https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda
https://usn.ubuntu.com/4012-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

VMware Tanzu products update for elfutils

Ubuntu update for elfutils

SUSE update for dwarves and elfutils

Red Hat Enterprise Linux 7 update for elfutils

OpenSUSE Linux update for elfutils

Multiple vulnerabilities in Sourceware elfutils