Elfutilsproject Elfutils
By the Year
In 2024 there have been 0 vulnerabilities in Elfutilsproject Elfutils . Last year Elfutils had 2 security vulnerabilities published. Right now, Elfutils is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 2 | 5.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 6 | 5.83 |
| 2018 | 7 | 6.59 |
It may take a day or so for new Elfutils vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Elfutilsproject Elfutils Security Vulnerabilities
The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers
CVE-2020-21047
5.5 - Medium
- August 22, 2023
The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.
Memory Corruption
In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which
CVE-2021-33294
5.5 - Medium
- July 18, 2023
In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.
Infinite Loop
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check
CVE-2019-7664
5.5 - Medium
- February 09, 2019
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).
Memory Corruption
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf
CVE-2019-7665
5.5 - Medium
- February 09, 2019
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.
Out-of-bounds Read
In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl
CVE-2019-7146
5.5 - Medium
- January 29, 2019
In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.
Out-of-bounds Read
An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174
CVE-2019-7148
6.5 - Medium
- January 29, 2019
An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens."
Allocation of Resources Without Limits or Throttling
A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175
CVE-2019-7149
6.5 - Medium
- January 29, 2019
A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.
Out-of-bounds Read
An issue was discovered in elfutils 0.175
CVE-2019-7150
5.5 - Medium
- January 29, 2019
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.
Out-of-bounds Read
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174
CVE-2018-18520
6.5 - Medium
- October 19, 2018
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.
Buffer Overflow
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174
CVE-2018-18521
5.5 - Medium
- October 19, 2018
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.
Divide By Zero
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174
CVE-2018-18310
5.5 - Medium
- October 15, 2018
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.
Buffer Overflow
libelf/elf_end.c in elfutils 0.173
CVE-2018-16402
9.8 - Critical
- September 03, 2018
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
Double-free
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c
CVE-2018-16403
5.5 - Medium
- September 03, 2018
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.
Out-of-bounds Read
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18
CVE-2018-16062
5.5 - Medium
- August 29, 2018
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
Out-of-bounds Read
elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c
CVE-2018-8769
7.8 - High
- March 18, 2018
elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Elfutilsproject Elfutils or by Elfutilsproject? Click the Watch button to subscribe.
