CVE-2014-0172 — Integer Overflow or Wraparound in Project Elfutils

CWE-189 CWE-190 — Integer Overflow or Wraparound10 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

1.8%

top 17.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Elfutils Project Elfutils

Timeline

PublishedApr 11

Latest updateMay 17

Description

Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debianelfutils_project/elfutils< 0.158-1+3

▶NVDelfutils_project/elfutils6 versions+5

Patches

Patch: lists.fedorahosted.org ↗Patch: lists.fedorahosted.org ↗

🔴Vulnerability Details

GHSA

GHSA-q6c9-79p5-7pgm: Integer overflow in the check_section function in dwarf_begin_elf↗2022-05-17

▶

OSV

CVE-2014-0172: Integer overflow in the check_section function in dwarf_begin_elf↗2014-04-11

▶

CVEList

CVE-2014-0172: Integer overflow in the check_section function in dwarf_begin_elf↗2014-04-11

▶

📋Vendor Advisories

Ubuntu

elfutils vulnerability↗2014-04-30

▶

Red Hat

elfutils: integer overflow, leading to a heap-based buffer overflow in libdw↗2014-04-09

▶

Debian

CVE-2014-0172: elfutils - Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw...↗2014

▶

💬Community

Bugzilla

CVE-2014-0172 elfutils: integer overflow, leading to a heap-based buffer overflow in libdw↗2014-04-09

▶

Bugzilla

CVE-2014-0172 elfutils: integer overflow, leading to a heap-based buffer overflow in libdw [fedora-all]↗2014-04-09

▶

Bugzilla

CVE-2014-0018 jboss-as-server: Unchecked access to MSC Service Registry under JSM↗2014-01-14

▶