
Debian Elfutils vulnerabilities

33 known vulnerabilities affecting debian/elfutils.

Total CVEs: 33
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 12, LOW 21

Vulnerabilities

Page 2 of 2
CVE-2018-8769 | LOW | CVSS 7.8 | 2018
CVE-2018-8769 [HIGH] elfutils: elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2018-16403 | LOW | CVSS 5.5 | fixed in elfutils 0.175-1 (bookworm) | 2018
CVE-2018-16403 [MEDIUM] elfutils: libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash. Scope: local. bookworm: resolved (fixed in 0.175-1); bullseye: resolved (fixed in 0.175-1); forky: resolved (fixed in 0.175-1); sid: resolved (fixed i
debian
CVE-2017-7611 | MEDIUM | CVSS 5.5 | fixed in elfutils 0.168-1 (bookworm) | 2017
CVE-2017-7611 [MEDIUM] elfutils: The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. Scope: local. bookworm: resolved (fixed in 0.168-1); bullseye: resolved (fixed in 0.168-1); forky: resolved (fixed in 0.168-1); sid: resolved (fixed in 0.168-1); trixie: resolved (
debian
CVE-2017-7612 | MEDIUM | CVSS 5.5 | fixed in elfutils 0.168-1 (bookworm) | 2017
CVE-2017-7612 [MEDIUM] elfutils: The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. Scope: local. bookworm: resolved (fixed in 0.168-1); bullseye: resolved (fixed in 0.168-1); forky: resolved (fixed in 0.168-1); sid: resolved (fixed in 0.168-1); trixie: resolved (fix
debian
CVE-2017-7610 | MEDIUM | CVSS 5.5 | fixed in elfutils 0.168-1 (bookworm) | 2017
CVE-2017-7610 [MEDIUM] elfutils: The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. Scope: local. bookworm: resolved (fixed in 0.168-1); bullseye: resolved (fixed in 0.168-1); forky: resolved (fixed in 0.168-1); sid: resolved (fixed in 0.168-1); trixie: resolved (fixed i
debian
CVE-2017-7613 | MEDIUM | CVSS 5.5 | fixed in elfutils 0.168-1 (bookworm) | 2017
CVE-2017-7613 [MEDIUM] elfutils: elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. Scope: local. bookworm: resolved (fixed in 0.168-1); bullseye: resolved (fixed in 0.168-1); forky: resolved (fixed in 0.168-1); sid: resolved (fixed in 0.168-1); trixie: r
debian
CVE-2017-7607 | MEDIUM | CVSS 5.5 | fixed in elfutils 0.168-1 (bookworm) | 2017
CVE-2017-7607 [MEDIUM] elfutils: The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. Scope: local. bookworm: resolved (fixed in 0.168-1); bullseye: resolved (fixed in 0.168-1); forky: resolved (fixed in 0.168-1); sid: resolved (fixed in 0.168-1); trixie: resolved (fix
debian
CVE-2017-7609 | MEDIUM | CVSS 5.5 | fixed in elfutils 0.168-1 (bookworm) | 2017
CVE-2017-7609 [MEDIUM] elfutils: elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. Scope: local. bookworm: resolved (fixed in 0.168-1); bullseye: resolved (fixed in 0.168-1); forky: resolved (fixed in 0.168-1); sid: resolved (fixed in 0.168-1); trixie: resolved (fixed in
debian
CVE-2017-7608 | MEDIUM | CVSS 5.5 | fixed in elfutils 0.168-1 (bookworm) | 2017
CVE-2017-7608 [MEDIUM] elfutils: The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. Scope: local. bookworm: resolved (fixed in 0.168-1); bullseye: resolved (fixed in 0.168-1); forky: resolved (fixed in 0.168-1); sid: resolved (fixed in 0.168-1)
debian
CVE-2016-10255 | LOW | CVSS 5.5 | fixed in elfutils 0.168-0.2 (bookworm) | 2016
CVE-2016-10255 [MEDIUM] elfutils: The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure. Scope: local. bookworm: resolved (fixed in 0.168-0.2); bullseye: resolved (fixed in 0.168-0.2); forky: resolved (fixed in
debian
CVE-2016-10254 | LOW | CVSS 5.5 | fixed in elfutils 0.168-0.2 (bookworm) | 2016
CVE-2016-10254 [MEDIUM] elfutils: The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure. Scope: local. bookworm: resolved (fixed in 0.168-0.2); bullseye: resolved (fixed in 0.168-0.2); forky: resolved (fixed in 0.168-0.2); sid: resolved (fixed in 0.168-0.2); trixie:
debian
CVE-2014-9447 | MEDIUM | CVSS 6.4 | fixed in elfutils 0.159-4.1 (bookworm) | 2014
CVE-2014-9447 [MEDIUM] elfutils: Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program. Scope: local. bookworm: resolved (fixed in 0.159-4.1); bullseye: resolved (fixed in 0.159-4.1); forky: r
debian
CVE-2014-0172 | LOW | CVSS 6.8 | fixed in elfutils 0.158-1 (bookworm) | 2014
CVE-2014-0172 [MEDIUM] elfutils: Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow. Scope: local b
debian