Main Vulnerability Database Vulnerabilities #VU17697

Memory corruption in elfutils - CVE-2019-7664

Published: February 14, 2019

Vulnerability identifier: #VU17697

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2019-7664

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Sourceware

Affected software:
elfutils

Detailed vulnerability description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to improper overflow checks by the elf_cvt_note function, as defined in the libelf/note_xlate.h source code file . A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the affected application to crash, resulting in a DoS condition.

How to mitigate CVE-2019-7664

Install updates from vendor's website.

Sources

https://sourceware.org/bugzilla/show_bug.cgi?id=24084

Memory corruption in elfutils - CVE-2019-7664

Detailed vulnerability description

How to mitigate CVE-2019-7664

Sources

Please verify you're human