Main Vulnerability Database Vulnerabilities #VU13238

Memory corruption in elfutils - CVE-2017-7609

Published: June 8, 2018

Vulnerability identifier: #VU13238

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2017-7609

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Sourceware

Affected software:
elfutils

Detailed vulnerability description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the elf_compress.c source code of elfutils due to improper validation of the zlib compression factor before the affected software allocates the output buffer. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.

How to mitigate CVE-2017-7609

Update to version 0.169.

Sources

https://sourceware.org/bugzilla/show_bug.cgi?id=21301

Memory corruption in elfutils - CVE-2017-7609

Detailed vulnerability description

How to mitigate CVE-2017-7609

Sources

Please verify you're human