CVE-2017-7611

Опубликовано: 09 апр. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c
Exploit
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html
Third Party Advisory
https://security.gentoo.org/glsa/201710-10
Third Party Advisory
https://usn.ubuntu.com/3670-1/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c
Exploit
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html
Third Party Advisory
https://security.gentoo.org/glsa/201710-10
Third Party Advisory
https://usn.ubuntu.com/3670-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elfutils_project:elfutils:0.168:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

EPSS

Процентиль: 66%

0.00514

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2017-7611

CVSS3: 5.5

ubuntu

почти 9 лет назад

The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

CVE-2017-7611

CVSS3: 3.3

redhat

почти 9 лет назад

The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

CVE-2017-7611

CVSS3: 5.5

debian

почти 9 лет назад

The check_symtab_shndx function in elflint.c in elfutils 0.168 allows ...

GHSA-6mfq-hfj8-4m6f

CVSS3: 5.5

github

больше 3 лет назад

The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

openSUSE-SU-2019:1590-1

suse-cvrf

больше 6 лет назад

Security update for elfutils

EPSS

Процентиль: 66%

0.00514

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125