CVE-2018-18520

CWE-119Buffer Overflow11 documents8 sources
Severity
6.5MEDIUM
EPSS
0.9%
top 24.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Elfutils Project ElfutilsCanonical Ubuntu LinuxDebian Debian Linux+4 more
Timeline
PublishedOct 19
Latest updateAug 30

Description

An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

Debianelfutils< 0.175-1+3
Ubuntuelfutils< 0.176-1.1ubuntu0.1+3
NVDopensuse/leap15.0, 15.1+1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 16.04, 18.04, 18.10

Patches

Patch: sourceware.orgPatch: sourceware.org

🔴Vulnerability Details

4
OSV
elfutils vulnerabilities2023-08-30
GHSA
GHSA-g4gh-9444-xxxh: An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v02022-05-13
CVEList
CVE-2018-18520: An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v02018-10-19
OSV
CVE-2018-18520: An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v02018-10-19

📋Vendor Advisories

4
Ubuntu
elfutils vulnerabilities2023-08-30
Ubuntu
elfutils vulnerabilities2019-06-10
Red Hat
elfutils: eu-size cannot handle recursive ar files2018-10-17
Debian
CVE-2018-18520: elfutils - An Invalid Memory Address Dereference exists in the function elf_end in libelf i...2018

💬Community

2
Bugzilla
CVE-2018-18520 elfutils: eu-size cannot handle recursive ar files [fedora-all]2018-11-05
Bugzilla
CVE-2018-18520 elfutils: eu-size cannot handle recursive ar files2018-11-05