CVE-2014-0172

Published: Apr 11, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.

Affected (6)

Products: Elfutils Project: Elfutils

Elfutils Project

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Elfutils Project Elfutils	Version 0.153
Elfutils Project Elfutils	Version 0.154
Elfutils Project Elfutils	Version 0.155
Elfutils Project Elfutils	Version 0.156
Elfutils Project Elfutils	Version 0.157
Elfutils Project Elfutils	Version 0.158

Related CWEs

References (12)

http://seclists.org/oss-sec/2014/q2/54

Source: secalert@redhat.com

http://www.securityfocus.com/bid/66714

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2188-1

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1085663

Source: secalert@redhat.com

https://lists.fedorahosted.org/pipermail/elfutils-devel/2014-April/003921.html

Source: secalert@redhat.com

Patch

https://security.gentoo.org/glsa/201612-32

Source: secalert@redhat.com

http://seclists.org/oss-sec/2014/q2/54

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/66714

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2188-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1085663

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedorahosted.org/pipermail/elfutils-devel/2014-April/003921.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://security.gentoo.org/glsa/201612-32

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.