MidnightBSD

Advisories for elfutils_project

CVE-2014-0172 MEDIUM

Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.153
elfutils_project elfutils 0.154
elfutils_project elfutils 0.155
elfutils_project elfutils 0.156
elfutils_project elfutils 0.157
elfutils_project elfutils 0.158
CVE-2014-9447 MEDIUM

Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.161
elfutils_project elfutils 0.152
CVE-2016-10254 MEDIUM

The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
elfutils_project elfutils *
CVE-2016-10255 MEDIUM

The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
elfutils_project elfutils *
CVE-2017-7607 MEDIUM

The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.168
CVE-2017-7608 MEDIUM

The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
elfutils_project elfutils 0.168
debian debian_linux 8.0
canonical ubuntu_linux 16.04
CVE-2017-7609 MEDIUM

elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.168
CVE-2017-7610 MEDIUM

The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
elfutils_project elfutils 0.168
debian debian_linux 8.0
canonical ubuntu_linux 16.04
CVE-2017-7611 MEDIUM

The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
elfutils_project elfutils 0.168
debian debian_linux 8.0
canonical ubuntu_linux 16.04
CVE-2017-7612 MEDIUM

The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
elfutils_project elfutils 0.168
debian debian_linux 8.0
canonical ubuntu_linux 16.04
CVE-2017-7613 MEDIUM

elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
elfutils_project elfutils 0.168
debian debian_linux 8.0
canonical ubuntu_linux 16.04
CVE-2018-16062 MEDIUM

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 9.0
opensuse leap 15.1
canonical ubuntu_linux 18.04
elfutils_project elfutils *
opensuse leap 15.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 18.10
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 16.04
CVE-2018-16402 HIGH

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,

Products Affected

Vendor Product Version
debian debian_linux 9.0
opensuse leap 15.1
canonical ubuntu_linux 18.04
opensuse leap 15.0
redhat enterprise_linux_workstation 7.0
elfutils_project elfutils 0.173
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 18.10
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 16.04
CVE-2018-16403 MEDIUM

libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.173
CVE-2018-18310 MEDIUM

An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 9.0
opensuse leap 15.1
canonical ubuntu_linux 18.04
elfutils_project elfutils *
opensuse leap 15.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 18.10
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 16.04
CVE-2018-18520 MEDIUM

An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 9.0
opensuse leap 15.1
canonical ubuntu_linux 18.04
elfutils_project elfutils *
opensuse leap 15.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 18.10
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 16.04
CVE-2018-18521 MEDIUM

Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
debian debian_linux 9.0
opensuse leap 15.1
elfutils_project elfutils 0.174
canonical ubuntu_linux 18.04
opensuse leap 15.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 18.10
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 16.04
CVE-2018-8769 MEDIUM

elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.170
CVE-2019-7146 MEDIUM

In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.175
CVE-2019-7148 MEDIUM

An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.174
CVE-2019-7149 MEDIUM

A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.175
debian debian_linux 8.0
CVE-2019-7150 MEDIUM

An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.175
debian debian_linux 9.0
opensuse leap 15.1
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_tus 8.2
debian debian_linux 8.0
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux 8.0
canonical ubuntu_linux 18.10
redhat enterprise_linux_server 7.0
redhat enterprise_linux_eus 8.1
canonical ubuntu_linux 18.04
redhat enterprise_linux_server_aus 8.4
opensuse leap 15.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 16.04
CVE-2019-7664 MEDIUM

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.175
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_tus 8.6
CVE-2019-7665 MEDIUM

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.175
debian debian_linux 9.0
opensuse leap 15.1
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_tus 8.2
debian debian_linux 8.0
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux 8.0
canonical ubuntu_linux 18.10
redhat enterprise_linux_server 7.0
redhat enterprise_linux_eus 8.1
canonical ubuntu_linux 18.04
redhat enterprise_linux_server_aus 8.4
opensuse leap 15.0
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 16.04
CVE-2020-21047

The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
elfutils_project elfutils 0.177
CVE-2021-33294

In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.

Products Affected

Vendor Product Version
elfutils_project elfutils 0.183
CVE-2024-25260

elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.

Products Affected

Vendor Product Version
elfutils_project elfutils 0.189
CVE-2025-1352 MEDIUM

A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L 1.6 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.192
CVE-2025-1365 MEDIUM

A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects the function process_symtab of the file readelf.c of the component eu-readelf. The manipulation of the argument D/a leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5e5c0394d82c53e97750fe7b18023e6f84157b81. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.192
CVE-2025-1371 LOW

A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-404,CWE-476,CWE-476,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.192
CVE-2025-1372 MEDIUM

A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.192
CVE-2025-1376 LOW

A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 2.5 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 1.0 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-404,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.192
CVE-2025-1377 LOW

A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-404,

Products Affected

Vendor Product Version
elfutils_project elfutils 0.192