CVE-2019-7149

A heap-based buffer over-read was discovered in the function readsrclines in dwarfgetsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.

References

Affected packages

Git / sourceware.org/git/elfutils.git

Affected ranges

Type

GIT

Repo

https://sourceware.org/git/elfutils.git

Events

Introduced

Last affected

4ea9a2db164caadf836a65d5cdffb09a2d5a37ce

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.175"
        }
    ]
}

Affected versions

elfutils-0.*

elfutils-0.120

elfutils-0.121

elfutils-0.122

elfutils-0.123

elfutils-0.124

elfutils-0.125

elfutils-0.126

elfutils-0.127

elfutils-0.128

elfutils-0.129

elfutils-0.130

elfutils-0.131

elfutils-0.132

elfutils-0.133

elfutils-0.134

elfutils-0.135

elfutils-0.136

elfutils-0.137

elfutils-0.138

elfutils-0.139

elfutils-0.140

elfutils-0.141

elfutils-0.142

elfutils-0.143

elfutils-0.144

elfutils-0.145

elfutils-0.146

elfutils-0.147

elfutils-0.148

elfutils-0.149

elfutils-0.150

elfutils-0.151

elfutils-0.152

elfutils-0.153

elfutils-0.154

elfutils-0.155

elfutils-0.156

elfutils-0.157

elfutils-0.158

elfutils-0.159

elfutils-0.160

elfutils-0.161

elfutils-0.162

elfutils-0.163

elfutils-0.164

elfutils-0.165

elfutils-0.166

elfutils-0.167

elfutils-0.168

elfutils-0.169

elfutils-0.170

elfutils-0.171

elfutils-0.172

elfutils-0.173

elfutils-0.174

elfutils-0.175

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7149.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    }
]