ID CVE-2019-7664
Summary In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted ELF input causes a segmentation fault, leading to denial of service (program crash).
References
Vulnerable Configurations
  • cpe:2.3:a:elfutils_project:elfutils:0.175:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 28-02-2023 - 20:45)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2019:2197
  • rhsa
    id RHSA-2019:3575
rpms
  • elfutils-0:0.176-2.el7
  • elfutils-debuginfo-0:0.176-2.el7
  • elfutils-default-yama-scope-0:0.176-2.el7
  • elfutils-devel-0:0.176-2.el7
  • elfutils-devel-static-0:0.176-2.el7
  • elfutils-libelf-0:0.176-2.el7
  • elfutils-libelf-devel-0:0.176-2.el7
  • elfutils-libelf-devel-static-0:0.176-2.el7
  • elfutils-libs-0:0.176-2.el7
  • elfutils-0:0.176-5.el8
  • elfutils-debuginfo-0:0.176-5.el8
  • elfutils-debugsource-0:0.176-5.el8
  • elfutils-default-yama-scope-0:0.176-5.el8
  • elfutils-devel-0:0.176-5.el8
  • elfutils-devel-static-0:0.176-5.el8
  • elfutils-libelf-0:0.176-5.el8
  • elfutils-libelf-debuginfo-0:0.176-5.el8
  • elfutils-libelf-devel-0:0.176-5.el8
  • elfutils-libelf-devel-static-0:0.176-5.el8
  • elfutils-libs-0:0.176-5.el8
  • elfutils-libs-debuginfo-0:0.176-5.el8
refmap via4
misc https://sourceware.org/bugzilla/show_bug.cgi?id=24084
Last major update 28-02-2023 - 20:45
Published 09-02-2019 - 16:29
Last modified 28-02-2023 - 20:45