Описание
The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | 0.189-4 |
| esm-infra-legacy/trusty | released | 0.158-0ubuntu5.3+esm1 |
| esm-infra/bionic | released | 0.170-0.4ubuntu0.1+esm1 |
| esm-infra/focal | released | 0.176-1.1ubuntu0.1 |
| esm-infra/xenial | released | 0.165-3ubuntu1.2+esm1 |
| focal | released | 0.176-1.1ubuntu0.1 |
| jammy | not-affected | 0.186-1build1 |
| lunar | not-affected | 0.188-2.1 |
| trusty | ignored | end of standard support |
Показывать по
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.
The libcpu component which is used by libasm of elfutils version 0.177 ...
The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.
Уязвимость компонента libcpu утилиты для модификации и анализа бинарных файлов ELF Elfutils, связанная с записью за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.5 Medium
CVSS3