CVE-2019-7146

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-7146

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7146.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-7146

Related

Published

2019-01-29T00:29:00Z

Modified

2024-12-05T15:21:55.144569Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In elfutils 0.175, there is a buffer over-read in the eblobjectnote function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.

References

Affected packages

Alpine:v3.12 / elfutils

Package

Name: elfutils
Purl: pkg:apk/alpine/elfutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.176-r0

Affected versions

0.*

0.168-r0

0.168-r1

0.168-r2

Alpine:v3.13 / elfutils

Package

Name: elfutils
Purl: pkg:apk/alpine/elfutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.176-r0

Affected versions

0.*

0.168-r0

0.168-r1

0.168-r2

Alpine:v3.14 / elfutils

Package

Name: elfutils
Purl: pkg:apk/alpine/elfutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.176-r0

Affected versions

0.*

0.168-r0

0.168-r1

0.168-r2

Alpine:v3.15 / elfutils

Package

Name: elfutils
Purl: pkg:apk/alpine/elfutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.176-r0

Affected versions

0.*

0.168-r0

0.168-r1

0.168-r2

Alpine:v3.16 / elfutils

Package

Name: elfutils
Purl: pkg:apk/alpine/elfutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.176-r0

Affected versions

0.*

0.168-r0

0.168-r1

0.168-r2

Alpine:v3.17 / elfutils

Package

Name: elfutils
Purl: pkg:apk/alpine/elfutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.176-r0

Affected versions

0.*

0.168-r0

0.168-r1

0.168-r2

Alpine:v3.18 / elfutils

Package

Name: elfutils
Purl: pkg:apk/alpine/elfutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.176-r0

Affected versions

0.*

0.168-r0

0.168-r1

0.168-r2

Alpine:v3.19 / elfutils

Package

Name: elfutils
Purl: pkg:apk/alpine/elfutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.176-r0

Affected versions

0.*

0.168-r0

0.168-r1

0.168-r2

Alpine:v3.20 / elfutils

Package

Name: elfutils
Purl: pkg:apk/alpine/elfutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.176-r0

Affected versions

0.*

0.168-r0

0.168-r1

0.168-r2

Alpine:v3.21 / elfutils

Package

Name: elfutils
Purl: pkg:apk/alpine/elfutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.176-r0

Affected versions

0.*

0.168-r0

0.168-r1

0.168-r2

Debian:11 / elfutils

Package

Name: elfutils
Purl: pkg:deb/debian/elfutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.176-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / elfutils

Package

Name: elfutils
Purl: pkg:deb/debian/elfutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.176-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / elfutils

Package

Name: elfutils
Purl: pkg:deb/debian/elfutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.176-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / sourceware.org/git/elfutils.git

Affected ranges

Type: GIT
Repo: https://sourceware.org/git/elfutils.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

4ea9a2db164caadf836a65d5cdffb09a2d5a37ce

Affected versions

elfutils-0.*

elfutils-0.120

elfutils-0.121

elfutils-0.122

elfutils-0.123

elfutils-0.124

elfutils-0.125

elfutils-0.126

elfutils-0.127

elfutils-0.128

elfutils-0.129

elfutils-0.130

elfutils-0.131

elfutils-0.132

elfutils-0.133

elfutils-0.134

elfutils-0.135

elfutils-0.136

elfutils-0.137

elfutils-0.138

elfutils-0.139

elfutils-0.140

elfutils-0.141

elfutils-0.142

elfutils-0.143

elfutils-0.144

elfutils-0.145

elfutils-0.146

elfutils-0.147

elfutils-0.148

elfutils-0.149

elfutils-0.150

elfutils-0.151

elfutils-0.152

elfutils-0.153

elfutils-0.154

elfutils-0.155

elfutils-0.156

elfutils-0.157

elfutils-0.158

elfutils-0.159

elfutils-0.160

elfutils-0.161

elfutils-0.162

elfutils-0.163

elfutils-0.164

elfutils-0.165

elfutils-0.166

elfutils-0.167

elfutils-0.168

elfutils-0.169

elfutils-0.170

elfutils-0.171

elfutils-0.172

elfutils-0.173

elfutils-0.174

elfutils-0.175