Elfutils Project » Elfutils : Security Vulnerabilities, CVEs, Published In 2017
elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
Max CVSS
5.5
EPSS Score
0.78%
Published
2017-04-09
Updated
2019-06-20
The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
Max CVSS
5.5
EPSS Score
0.65%
Published
2017-04-09
Updated
2019-10-03
The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
Max CVSS
5.5
EPSS Score
0.65%
Published
2017-04-09
Updated
2019-10-03
The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
Max CVSS
5.5
EPSS Score
0.65%
Published
2017-04-09
Updated
2019-10-03
elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
Max CVSS
5.5
EPSS Score
0.53%
Published
2017-04-09
Updated
2018-06-07
The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
Max CVSS
5.5
EPSS Score
0.43%
Published
2017-04-09
Updated
2019-10-03
The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
Max CVSS
5.5
EPSS Score
0.72%
Published
2017-04-09
Updated
2019-10-03
The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.
Max CVSS
5.5
EPSS Score
1.26%
Published
2017-03-23
Updated
2018-06-07
The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.
Max CVSS
5.5
EPSS Score
0.99%
Published
2017-03-23
Updated
2018-06-07
9 vulnerabilities found