CVE-2019-7148
published 2019-01-29CVE-2019-7148: An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could…
medium6.5CVSS 3.0
AVNACLPRNUIRSUCNINAH
An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens."
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | elfutils | < elfutils 0.176-1 (bookworm) | elfutils 0.176-1 (bookworm) |
| elfutils_project | elfutils | — | — |
| elfutils_project | elfutils | >= 0 < 0.176-1 | 0.176-1 |
| elfutils_project | elfutils | >= 0 < 0.176-1 | 0.176-1 |
| elfutils_project | elfutils | >= 0 < 0.176-1 | 0.176-1 |
| elfutils_project | elfutils | >= 0 < 0.176-1 | 0.176-1 |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv6.5MEDIUM