CVE-2018-18310

CWE-119Buffer OverflowCWE-125Out-of-bounds Read11 documents8 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 73.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Elfutils Project ElfutilsCanonical Ubuntu LinuxDebian Debian Linux+4 more
Timeline
PublishedOct 15
Latest updateAug 30

Description

An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

Debianelfutils< 0.175-1+3
Ubuntuelfutils< 0.176-1.1ubuntu0.1+3
NVDopensuse/leap15.0, 15.1+1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 16.04, 18.04, 18.10

Patches

Patch: sourceware.orgPatch: sourceware.orgPatch: sourceware.org

🔴Vulnerability Details

4
OSV
elfutils vulnerabilities2023-08-30
GHSA
GHSA-h443-vvj7-wc74: An invalid memory address dereference was discovered in dwfl_segment_report_module2022-05-13
CVEList
CVE-2018-18310: An invalid memory address dereference was discovered in dwfl_segment_report_module2018-10-15
OSV
CVE-2018-18310: An invalid memory address dereference was discovered in dwfl_segment_report_module2018-10-15

📋Vendor Advisories

4
Ubuntu
elfutils vulnerabilities2023-08-30
Ubuntu
elfutils vulnerabilities2019-06-10
Red Hat
elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl2018-10-10
Debian
CVE-2018-18310: elfutils - An invalid memory address dereference was discovered in dwfl_segment_report_modu...2018

💬Community

2
Bugzilla
CVE-2018-18310 elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl [fedora-all]2018-10-24
Bugzilla
CVE-2018-18310 elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl2018-10-24