Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-7150

Опубликовано: 29 янв. 2019
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.3
CVSS3: 5.5

Описание

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.

РелизСтатусПримечание
bionic

released

0.170-0.4ubuntu0.1
cosmic

released

0.170-0.5.0ubuntu1.1
devel

not-affected

0.176-1.1
disco

not-affected

0.176-1
eoan

not-affected

0.176-1.1
esm-infra-legacy/trusty

released

0.158-0ubuntu5.3+esm1
esm-infra/bionic

released

0.170-0.4ubuntu0.1
esm-infra/focal

not-affected

0.176-1.1
esm-infra/xenial

released

0.165-3ubuntu1.2
focal

not-affected

0.176-1.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 33%
0.00133
Низкий

4.3 Medium

CVSS2

5.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-7150

CVSS3: 3.3
redhat
больше 7 лет назад

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.

nvd логотип

CVE-2019-7150

CVSS3: 5.5
nvd
около 7 лет назад

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.

debian логотип

CVE-2019-7150

CVSS3: 5.5
debian
около 7 лет назад

An issue was discovered in elfutils 0.175. A segmentation fault can oc ...

github логотип

GHSA-32w9-wxmj-7cv4

CVSS3: 5.5
github
больше 3 лет назад

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.

fstec логотип

BDU:2019-01238

CVSS3: 5.5
fstec
почти 7 лет назад

Уязвимость функции elf64_xlatetom в пакете elfutils, связанная с отсутствием проверки соответствия ожидаемого размера данных и реально прочитанных из файла дампа (core), позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 33%
0.00133
Низкий

4.3 Medium

CVSS2

5.5 Medium

CVSS3