CVE-2019-7148
First published: Tue Jan 29 2019(Updated: )
An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens."
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CentOS Elfutils | =0.174 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-7148?
CVE-2019-7148 is classified as a denial-of-service vulnerability.
How do I fix CVE-2019-7148?
To mitigate CVE-2019-7148, upgrade to a version of elfutils later than 0.174 that addresses this memory allocation issue.
Who is affected by CVE-2019-7148?
CVE-2019-7148 affects users and systems utilizing elfutils version 0.174.
What type of attack does CVE-2019-7148 enable?
CVE-2019-7148 can be exploited by remote attackers to trigger a denial-of-service via specially crafted ELF input.
What is the impact of CVE-2019-7148?
The impact of CVE-2019-7148 is an out-of-memory exception that can lead to service disruption.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- agent/author
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/elfutils project
- canonical/centos elfutils
- version/centos elfutils/0.174