CVE-2024-25260
published 2024-02-20CVE-2024-25260: elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.
medium4CVSS 3.1
AVLACLPRNUINSUCNINAL
elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | elfutils | — | — |
| elfutils_project | elfutils | — | — |
| elfutils_project | elfutils | >= 0 < 0.186-1ubuntu0.1 | 0.186-1ubuntu0.1 |
| elfutils_project | elfutils | >= 0 < 0.190-1.1ubuntu0.1 | 0.190-1.1ubuntu0.1 |
| msrc | azl3_elfutils_0.189-5_on_azure_linux_3.0 | — | — |
| msrc | azl3_elfutils_0.189-6_on_azure_linux_3.0 | — | — |
CVSS provenance
nvdv3.14.0MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
osv4.0MEDIUM