cbcvebase.
CVE-2019-7149
published 2019-01-29

CVE-2019-7149: A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause…

medium6.5CVSS 3.0
AVNACLPRNUIRSUCNINAH
A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.

Affected

11 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debianelfutils< elfutils 0.176-1 (bookworm)elfutils 0.176-1 (bookworm)
elfutils_projectelfutils
elfutils_projectelfutils>= 0 < 0.176-10.176-1
elfutils_projectelfutils>= 0 < 0.176-10.176-1
elfutils_projectelfutils>= 0 < 0.176-10.176-1
elfutils_projectelfutils>= 0 < 0.176-10.176-1
elfutils_projectelfutils>= 0 < 0.176-1.1ubuntu0.10.176-1.1ubuntu0.1
elfutils_projectelfutils>= 0 < 0.158-0ubuntu5.3+esm10.158-0ubuntu5.3+esm1
elfutils_projectelfutils>= 0 < 0.165-3ubuntu1.2+esm10.165-3ubuntu1.2+esm1
elfutils_projectelfutils>= 0 < 0.170-0.4ubuntu0.1+esm10.170-0.4ubuntu0.1+esm1

CVSS provenance

nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv6.5MEDIUM