ID CVE-2018-16402
Summary libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
References
Vulnerable Configurations
  • cpe:2.3:a:elfutils_project:elfutils:0.173:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 30-11-2021 - 22:13)
Impact:
Exploitability:
CWE CWE-415
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2019:2197
rpms
  • elfutils-0:0.176-2.el7
  • elfutils-debuginfo-0:0.176-2.el7
  • elfutils-default-yama-scope-0:0.176-2.el7
  • elfutils-devel-0:0.176-2.el7
  • elfutils-devel-static-0:0.176-2.el7
  • elfutils-libelf-0:0.176-2.el7
  • elfutils-libelf-devel-0:0.176-2.el7
  • elfutils-libelf-devel-static-0:0.176-2.el7
  • elfutils-libs-0:0.176-2.el7
  • elfutils-0:0.172-4.el7_6
  • elfutils-debuginfo-0:0.172-4.el7_6
  • elfutils-default-yama-scope-0:0.172-4.el7_6
  • elfutils-devel-0:0.172-4.el7_6
  • elfutils-devel-static-0:0.172-4.el7_6
  • elfutils-libelf-0:0.172-4.el7_6
  • elfutils-libelf-devel-0:0.172-4.el7_6
  • elfutils-libelf-devel-static-0:0.172-4.el7_6
  • elfutils-libs-0:0.172-4.el7_6
refmap via4
misc https://sourceware.org/bugzilla/show_bug.cgi?id=23528
mlist [bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image
suse openSUSE-SU-2019:1590
ubuntu USN-4012-1
Last major update 30-11-2021 - 22:13
Published 03-09-2018 - 19:29
Last modified 30-11-2021 - 22:13