CVE-2024-25260

Published: 20 Feb 2024
Source: redhat
CVSS3: 4
EPSS: Low

Description

elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.

A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.

Report

This incident was classified as a standard bug rather than a security concern. Crashes in standalone utilities triggered by untrusted inputs typically aren't regarded as security issues since they don't lead to privilege escalation. It's important to highlight that unless eu-readelf is instrumented with AddressSanitizer, no actual crash occurs; instead, eu-readelf simply prints a random global string.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | elfutils | Out of support scope | | |
| Red Hat Enterprise Linux 7 | elfutils | Out of support scope | | |
| Red Hat Enterprise Linux 8 | elfutils | Fix deferred | | |
| Red Hat Enterprise Linux 8 | gcc-toolset-11-elfutils | Will not fix | | |
| Red Hat Enterprise Linux 9 | elfutils | Fix deferred | | |
| Red Hat Virtualization 4 | elfutils | Will not fix | | |

Additional information

Status: Low
Defect: CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2265194
elfutils: global-buffer-overflow exists in the function ebl_machine_flag_name in eblmachineflagname.c

EPSS: 0.00014 (Low), percentile: 2%

CVSS3: 4 Medium

Related vulnerabilities

CVSS3: 4
ubuntu
almost 2 years ago

elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.

CVSS3: 4
nvd
almost 2 years ago

elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.

CVSS3: 4
msrc
5 months ago

elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.

CVSS3: 4
debian
almost 2 years ago

elfutils v0.189 was discovered to contain a NULL pointer dereference v ...

CVSS3: 4
github
almost 2 years ago

elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.
