ID CVE-2018-18521
Summary Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.
References
Vulnerable Configurations
  • cpe:2.3:a:elfutils_project:elfutils:0.174:*:*:*:*:*:*:*
    cpe:2.3:a:elfutils_project:elfutils:0.174:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 30-11-2021 - 21:59)
Impact:
Exploitability:
CWE CWE-369
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2019:2197
rpms
  • elfutils-0:0.176-2.el7
  • elfutils-debuginfo-0:0.176-2.el7
  • elfutils-default-yama-scope-0:0.176-2.el7
  • elfutils-devel-0:0.176-2.el7
  • elfutils-devel-static-0:0.176-2.el7
  • elfutils-libelf-0:0.176-2.el7
  • elfutils-libelf-devel-0:0.176-2.el7
  • elfutils-libelf-devel-static-0:0.176-2.el7
  • elfutils-libs-0:0.176-2.el7
refmap via4
misc
mlist [debian-lts-announce] 20190225 [SECURITY] [DLA 1689-1] elfutils security update
suse openSUSE-SU-2019:1590
ubuntu USN-4012-1
Last major update 30-11-2021 - 21:59
Published 19-10-2018 - 17:29
Last modified 30-11-2021 - 21:59
Back to Top