Main Vulnerability Database Vulnerabilities #VU13239

Heap-based buffer overflow in elfutils - CVE-2017-7608

Published: June 8, 2018

Vulnerability identifier: #VU13239

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2017-7608

CWE-ID: CWE-122

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Sourceware

Affected software:
elfutils

Detailed vulnerability description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the ebl_object_note_type_name function of elfutils due to heap-based buffer overflow when handling Executable and Linkable Format (ELF) files by the ebl_object_note_type_namefunction, as defined in the eblobjnotetypename.c source code file. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.

How to mitigate CVE-2017-7608

Update to version 0.169.

Sources

https://sourceware.org/bugzilla/show_bug.cgi?id=21300

Heap-based buffer overflow in elfutils - CVE-2017-7608

Detailed vulnerability description

How to mitigate CVE-2017-7608

Sources

Please verify you're human