CVE-2020-21047: Out-of-bounds Write in Project Elfutils

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 99.63%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 22 | Latest update Aug 30

Description

The libcpu component, which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from a denial-of-service vulnerability caused by application crashes due to an out-of-bounds write (CWE-787), an off-by-one error (CWE-193) and a reachable assertion (CWE-617); to exploit the vulnerability, attackers need to craft certain ELF files which bypass the missing bound checks.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 2 packages

🔴 Vulnerability Details (4)

OSV | elfutils vulnerabilities | 2023-08-30
GHSA | GHSA-q33x-5cf5-cqqv: The libcpu component which is used by libasm of elfutils version 0 | 2023-08-22
OSV | CVE-2020-21047: The libcpu component which is used by libasm of elfutils version 0 | 2023-08-22
CVEList | CVE-2020-21047: The libcpu component which is used by libasm of elfutils version 0 | 2023-08-22

📋 Vendor Advisories (2)

Ubuntu | elfutils vulnerabilities | 2023-08-30
Debian | CVE-2020-21047: elfutils - The libcpu component which is used by libasm of elfutils version 0.177 (git 4778... | 2020