What is the severity of CVE-2018-16062?

The severity of CVE-2018-16062 is rated as medium, indicating a moderate potential impact.

How do I fix CVE-2018-16062?

To mitigate CVE-2018-16062, update the affected elfutils package to at least version 0:0.176-2.el7 for Red Hat or the recommended versions for Debian and Ubuntu.

What systems are affected by CVE-2018-16062?

CVE-2018-16062 affects multiple Linux distributions including Red Hat Enterprise Linux, Debian, and Ubuntu systems running specific versions of the elfutils package.

What type of vulnerability is CVE-2018-16062?

CVE-2018-16062 is classified as an out-of-bounds read vulnerability leading to potential denial of service.

Is there a known exploit for CVE-2018-16062?

As of now, there are no publicly available exploits specifically targeting CVE-2018-16062.

Vulnerability/
CVE-2018-16062

medium

5.5

CWE

125

17/8/2018

29/8/2018

21/11/2024

CVE-2018-16062

First published: Fri Aug 17 2018(Updated: )

An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarf_getaranges() in dwarf_getaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a crafted file.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/elfutils	<0:0.176-2.el7	0:0.176-2.el7
debian/elfutils		0.183-1 0.188-2.1 0.192-4
CentOS Elfutils	<0.174
Debian	=8.0
Debian	=9.0
SUSE Linux	=15.0
SUSE Linux	=15.1
Ubuntu	=16.04
Ubuntu	=18.04
Ubuntu	=18.10
Red Hat Enterprise Linux Desktop	=7.0
Red Hat Enterprise Linux Server	=7.0
Red Hat Enterprise Linux Workstation	=7.0

Remedy

https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the severity of CVE-2018-16062?
The severity of CVE-2018-16062 is rated as medium, indicating a moderate potential impact.
How do I fix CVE-2018-16062?
To mitigate CVE-2018-16062, update the affected elfutils package to at least version 0:0.176-2.el7 for Red Hat or the recommended versions for Debian and Ubuntu.
What systems are affected by CVE-2018-16062?
CVE-2018-16062 affects multiple Linux distributions including Red Hat Enterprise Linux, Debian, and Ubuntu systems running specific versions of the elfutils package.
What type of vulnerability is CVE-2018-16062?
CVE-2018-16062 is classified as an out-of-bounds read vulnerability leading to potential denial of service.
Is there a known exploit for CVE-2018-16062?
As of now, there are no publicly available exploits specifically targeting CVE-2018-16062.

collector/redhat-cve
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2018-16062
agent/remedy
agent/weakness
agent/severity
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/references
agent/description
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/author
agent/softwarecombine
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/redhat
package-manager/debian
vendor/elfutils project
canonical/centos elfutils
vendor/debian
canonical/debian
version/debian/8.0
version/debian/9.0
vendor/opensuse
canonical/suse linux
version/suse linux/15.0
version/suse linux/15.1
vendor/canonical
canonical/ubuntu
version/ubuntu/16.04
version/ubuntu/18.04
version/ubuntu/18.10
vendor/redhat
canonical/red hat enterprise linux desktop
version/red hat enterprise linux desktop/7.0
canonical/red hat enterprise linux server
version/red hat enterprise linux server/7.0
canonical/red hat enterprise linux workstation
version/red hat enterprise linux workstation/7.0