Main Vulnerability Database Vulnerabilities #VU13244

#VU13244 Heap-based buffer overflow in elfutils - CVE-2017-7611

Published: June 8, 2018

Vulnerability identifier: #VU13244

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2017-7611

CWE-ID: CWE-122

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
elfutils

Software vendor:
Sourceware

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the check_symtab_shndx function of elfutils due to heap-based buffer overflow when handling of Executable and Linkable Format (ELF) files by the check_symtab_shndxfunction, as defined in the elflint.c source code file. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.

Remediation

Update to version 0.169.

External links

https://sourceware.org/bugzilla/show_bug.cgi?id=21310