CVE-2019-7664

CWE-787 — Out-of-bounds Write8 documents7 sources

Severity

5.5MEDIUM

EPSS

0.3%

top 42.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Elfutils Project Elfutils Redhat Enterprise Linux Redhat Enterprise Linux Desktop +5 more

Timeline

PublishedFeb 9

Latest updateMay 13

Description

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶Debianelfutils< 0.176-1+3

▶NVDelfutils_project/elfutils0.175

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

▶NVDredhat/enterprise_linux_workstation7.0

Also affects: Enterprise Linux 8.0, 8.1, 8.2, 8.4, 8.6

🔴Vulnerability Details

GHSA

GHSA-mvjm-8853-rpx4: In elfutils 0↗2022-05-13

▶

OSV

CVE-2019-7664: In elfutils 0↗2019-02-09

▶

CVEList

CVE-2019-7664: In elfutils 0↗2019-02-09

▶

📋Vendor Advisories

Red Hat

elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h↗2019-01-11

▶

Debian

CVE-2019-7664: elfutils - In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libel...↗2019

▶

💬Community

Bugzilla

CVE-2019-7664 elfutils: Out of bound write in elf_cvt_note in libelf/note_xlate.h [fedora-all]↗2019-02-15

▶

Bugzilla

CVE-2019-7664 elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h↗2019-02-15

▶