What is the severity of CVE-2018-18521?

CVE-2018-18521 is classified as a denial of service vulnerability that can cause an application crash.

How do I fix CVE-2018-18521?

To fix CVE-2018-18521, upgrade elfutils to version 0.183-1 or later.

Which versions of elfutils are affected by CVE-2018-18521?

CVE-2018-18521 affects elfutils version 0.174 and earlier.

Can CVE-2018-18521 be exploited remotely?

Yes, CVE-2018-18521 can be exploited remotely using a crafted ELF file.

What specific function in elfutils is vulnerable in CVE-2018-18521?

The function arlib_add_symbols() in arlib.c is where the divide-by-zero vulnerability occurs.

Vulnerability/
CVE-2018-18521

medium

5.5

CWE

369

19/10/2018

21/11/2024

CVE-2018-18521: Divide by Zero

First published: Fri Oct 19 2018(Updated: )

A flaw was found in elfutils 0.174. A Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. References: <a href="https://sourceware.org/bugzilla/show_bug.cgi?id=23786">https://sourceware.org/bugzilla/show_bug.cgi?id=23786</a> <a href="https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html">https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html</a> Upstream Patch: <a href="https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327">https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327</a>

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
debian/elfutils		0.183-1 0.188-2.1 0.192-4
CentOS Elfutils	=0.174
Debian	=8.0
Debian	=9.0
Red Hat Enterprise Linux Desktop	=7.0
Red Hat Enterprise Linux Server	=7.0
Red Hat Enterprise Linux Workstation	=7.0
SUSE Linux	=15.0
SUSE Linux	=15.1
Ubuntu	=16.04
Ubuntu	=18.04
Ubuntu	=18.10

Remedy

https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-18521?
CVE-2018-18521 is classified as a denial of service vulnerability that can cause an application crash.
How do I fix CVE-2018-18521?
To fix CVE-2018-18521, upgrade elfutils to version 0.183-1 or later.
Which versions of elfutils are affected by CVE-2018-18521?
CVE-2018-18521 affects elfutils version 0.174 and earlier.
Can CVE-2018-18521 be exploited remotely?
Yes, CVE-2018-18521 can be exploited remotely using a crafted ELF file.
What specific function in elfutils is vulnerable in CVE-2018-18521?
The function arlib_add_symbols() in arlib.c is where the divide-by-zero vulnerability occurs.

agent/type
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2018-18521
agent/severity
agent/weakness
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/remedy
agent/references
agent/description
agent/first-publish-date
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/author
agent/softwarecombine
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/debian
vendor/elfutils project
canonical/centos elfutils
version/centos elfutils/0.174
vendor/debian
canonical/debian
version/debian/8.0
version/debian/9.0
vendor/redhat
canonical/red hat enterprise linux desktop
version/red hat enterprise linux desktop/7.0
canonical/red hat enterprise linux server
version/red hat enterprise linux server/7.0
canonical/red hat enterprise linux workstation
version/red hat enterprise linux workstation/7.0
vendor/opensuse
canonical/suse linux
version/suse linux/15.0
version/suse linux/15.1
vendor/canonical
canonical/ubuntu
version/ubuntu/16.04
version/ubuntu/18.04
version/ubuntu/18.10