CVE-2019-7149

CWE-125 — Out-of-bounds Read11 documents8 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 43.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Elfutils Project Elfutils

Timeline

PublishedJan 29

Latest updateAug 30

Description

A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶Debianelfutils< 0.176-1+3

▶Ubuntuelfutils< 0.176-1.1ubuntu0.1+3

▶NVDelfutils_project/elfutils0.175

Also affects: Debian Linux 8.0

Patches

Patch: sourceware.org ↗Patch: sourceware.org ↗

🔴Vulnerability Details

OSV

elfutils vulnerabilities↗2023-08-30

▶

GHSA

GHSA-p6pw-x9rh-9c3w: A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines↗2022-05-14

▶

OSV

CVE-2019-7149: A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines↗2019-01-29

▶

CVEList

CVE-2019-7149: A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines↗2019-01-29

▶

📋Vendor Advisories

Ubuntu

elfutils vulnerabilities↗2023-08-30

▶

Ubuntu

elfutils vulnerabilities↗2019-06-10

▶

Red Hat

elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw↗2019-01-18

▶

Debian

CVE-2019-7149: elfutils - A heap-based buffer over-read was discovered in the function read_srclines in dw...↗2019

▶

💬Community

Bugzilla

CVE-2019-7149 elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw [fedora-all]↗2019-01-31

▶

Bugzilla

CVE-2019-7149 elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw↗2019-01-31

▶