Elfutils Project Elfutils vulnerabilities

33 known vulnerabilities affecting elfutils_project/elfutils.

Total CVEs: 33
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 29, LOW 2

Vulnerabilities

Page 2 of 2
CVE-2018-16062 | MEDIUM | CVSS 5.5 | fixed in 0.174 | 2018-08-29
CWE-125: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
nvd
CVE-2018-8769 | HIGH | CVSS 7.8 | v0.170 | 2018-03-18
CWE-125: elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.
nvd
CVE-2017-7610 | MEDIUM | CVSS 5.5 | v0.168 | 2017-04-09
CWE-125: The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
nvd
CVE-2017-7607 | MEDIUM | CVSS 5.5 | v0.168 | 2017-04-09
CWE-125: The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
nvd
CVE-2017-7612 | MEDIUM | CVSS 5.5 | v0.168 | 2017-04-09
CWE-125: The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
nvd
CVE-2017-7608 | MEDIUM | CVSS 5.5 | v0.168 | 2017-04-09
CWE-125: The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
nvd
CVE-2017-7609 | MEDIUM | CVSS 5.5 | v0.168 | 2017-04-09
CWE-20: elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
nvd
CVE-2017-7613 | MEDIUM | CVSS 5.5 | v0.168 | 2017-04-09
CWE-20: elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
nvd
CVE-2017-7611 | MEDIUM | CVSS 5.5 | v0.168 | 2017-04-09
CWE-125: The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
nvd
CVE-2016-10255 | MEDIUM | CVSS 5.5 | ≤ 0.167 | 2017-03-23
CWE-119: The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.
nvd
CVE-2016-10254 | MEDIUM | CVSS 5.5 | ≤ 0.167 | 2017-03-23
CWE-119: The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.
nvd
CVE-2014-9447 | MEDIUM | CVSS 6.4 | v0.152, v0.161 | 2015-01-02
CWE-22: Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.
nvd
CVE-2014-0172 | MEDIUM | CVSS 6.8 | v0.153, v0.154, +4 more | 2014-04-11
CWE-189: Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.
nvd