
CVE-2014-0172
Date: (C)2014-04-11   (M)2023-12-22


Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-66714
GLSA-201612-32
USN-2188-1
https://lists.fedorahosted.org/pipermail/elfutils-devel/2014-April/003921.html
http://seclists.org/oss-sec/2014/q2/54
https://bugzilla.redhat.com/show_bug.cgi?id=1085663

CPE    6
cpe:/a:elfutils_project:elfutils:0.157
cpe:/a:elfutils_project:elfutils:0.156
cpe:/a:elfutils_project:elfutils:0.158
cpe:/a:elfutils_project:elfutils:0.153
...
CWE    1
CWE-189
OVAL    6
oval:org.secpod.oval:def:106878
oval:org.secpod.oval:def:106868
oval:org.secpod.oval:def:52212
oval:org.secpod.oval:def:108344
...

© SecPod Technologies