Описание
elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.
An out-of-bound read flaw has been found in elfutils in the ebl_dynamic_tag_name function of ebldynamictagname.c file. An attacker could exploit this by supplying a crafted ELF file to display wrong data or potentially cause a crash in eu-readelf and eu-elflint binaries.
Отчет
This issue did not affect the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the vulnerable commit. This issue did not affect the versions of elfutils as shipped with Red Hat Developer Toolset 6 and 7 as they did not include the vulnerable commit.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | elfutils | Not affected | ||
| Red Hat Enterprise Linux 6 | elfutils | Not affected | ||
| Red Hat Enterprise Linux 7 | elfutils | Not affected | ||
| Red Hat Enterprise Linux 8 | elfutils | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
4.4 Medium
CVSS3
Связанные уязвимости
elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.
elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.
elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name func ...
elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.
EPSS
4.4 Medium
CVSS3