CVE-2017-7607: Out-of-bounds Read in Project Elfutils

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.6% (top 30.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 9
Latest update: May 13

Description

The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 2 packages

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-78hq-848f-rjwp: The handle_gnu_hash function in readelf (2022-05-13)
CVEList
CVE-2017-7607: The handle_gnu_hash function in readelf (2017-04-09)
OSV
CVE-2017-7607: The handle_gnu_hash function in readelf (2017-04-09)

📋 Vendor Advisories (3)

Ubuntu
elfutils vulnerabilities (2018-06-05)
Red Hat
elfutils: Heap-buffer overflow in the handle_gnu_hash function (2017-04-04)
Debian
CVE-2017-7607: elfutils - The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attack... (2017)

💬 Community (2)

Bugzilla
CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 elfutils: various flaws [fedora-all] (2017-04-12)
Bugzilla
CVE-2017-7607 elfutils: Heap-buffer overflow in the handle_gnu_hash function (2017-04-12)
CVE-2017-7607 — Out-of-bounds Read in Project Elfutils | cvebase