CVE-2019-7150

First published: Wed Oct 10 2018(Updated: )

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/elfutils	<0:0.176-2.el7	0:0.176-2.el7
redhat/elfutils	<0:0.176-5.el8	0:0.176-5.el8
Elfutils Project Elfutils	=0.175
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=18.10
openSUSE Leap	=15.0
openSUSE Leap	=15.1
Redhat Enterprise Linux	=8.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Eus	=8.1
Redhat Enterprise Linux Eus	=8.2
Redhat Enterprise Linux Eus	=8.4
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=8.2
Redhat Enterprise Linux Server Aus	=8.4
Redhat Enterprise Linux Server Tus	=8.2
Redhat Enterprise Linux Server Tus	=8.4
Redhat Enterprise Linux Workstation	=7.0
debian/elfutils		0.183-1 0.188-2.1 0.191-2

Remedy

https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

collector/redhat-cve
collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-7150
agent/author
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/severity
agent/weakness
agent/description
agent/remedy
agent/references
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
collector/usn-cve
source/Ubuntu
package-manager/redhat
vendor/elfutils project
canonical/elfutils project elfutils
version/elfutils project elfutils/0.175
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
version/debian debian linux/9.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/18.10
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.0
version/opensuse leap/15.1
vendor/redhat
canonical/redhat enterprise linux
version/redhat enterprise linux/8.0
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/8.1
version/redhat enterprise linux eus/8.2
version/redhat enterprise linux eus/8.4
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/8.2
version/redhat enterprise linux server aus/8.4
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/8.2
version/redhat enterprise linux server tus/8.4
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0
package-manager/debian

CVE-2019-7150

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Company

Resources

Contact