Main Vulnerability Database Vulnerabilities #VU13241

Memory corruption in elfutils - CVE-2016-10255

Published: June 8, 2018

Vulnerability identifier: #VU13241

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2016-10255

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Sourceware

Affected software:
elfutils

Detailed vulnerability description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the __libelf_set_rawdata_wrlock function of elfutils due to boundary error when hhandling of sh_off and sh_size Executable and Linkable Format (ELF) header values by the __libelf_set_rawdata_wrlock function, as defined in the elf_getdata.c source code file. A remote attacker can trick the victim into opening an ELF file that submits malicious sh_off or sh_size ELF header values, trigger memory corruption and cause the application to crash.

How to mitigate CVE-2016-10255

Update to version 0.168.

Sources

https://sourceware.org/git/?p=elfutils.git&a=commit&h=09ec02ec7f7e6913d10943148e2a898264345b07

Memory corruption in elfutils - CVE-2016-10255

Detailed vulnerability description

How to mitigate CVE-2016-10255

Sources

Please verify you're human