CVE-2018-16062

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
elfutils_projectelfutils
𝑥
< 0.174
debiandebian_linux
8.0
debiandebian_linux
9.0
opensuseleap
15.0
opensuseleap
15.1
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
elfutils
bookworm
0.188-2.1
fixed
bullseye
0.183-1
fixed
sid
0.192-4
fixed
trixie
0.192-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
elfutils
bionic
Fixed 0.170-0.4ubuntu0.1
released
cosmic
Fixed 0.170-0.5.0ubuntu1.1
released
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
trusty
Fixed 0.158-0ubuntu5.3+esm1
released
xenial
Fixed 0.165-3ubuntu1.2
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
dwarves
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
elfutils
suse enterprise desktop 15
0.168-4.5.3
fixed
suse enterprise desktop 15 SP1
0.168-4.5.3
fixed
suse enterprise desktop 15 SP2
0.168-4.5.3
fixed
suse enterprise desktop 15 SP3
0.168-4.5.3
fixed
suse enterprise sap 12 SP3
0.158-7.7.2
fixed
suse enterprise sap 12 SP4
0.158-7.7.2
fixed
suse enterprise sap 12 SP5
0.158-7.7.2
fixed
suse enterprise sap 15
0.168-4.5.3
fixed
suse enterprise sap 15 SP1
0.168-4.5.3
fixed
suse enterprise sap 15 SP2
0.168-4.5.3
fixed
suse enterprise sap 15 SP3
0.168-4.5.3
fixed
suse enterprise server 12 SP3
0.158-7.7.2
fixed
suse enterprise server 12 SP4
0.158-7.7.2
fixed
suse enterprise server 12 SP5
0.158-7.7.2
fixed
suse enterprise server 15
0.168-4.5.3
fixed
suse enterprise server 15 SP1
0.168-4.5.3
fixed
suse enterprise server 15 SP2
0.168-4.5.3
fixed
suse enterprise server 15 SP3
0.168-4.5.3
fixed
elfutils-lang
suse enterprise desktop 15
0.168-4.5.3
fixed
suse enterprise desktop 15 SP1
0.168-4.5.3
fixed
suse enterprise desktop 15 SP2
0.168-4.5.3
fixed
suse enterprise desktop 15 SP3
0.168-4.5.3
fixed
suse enterprise sap 15
0.168-4.5.3
fixed
suse enterprise sap 15 SP1
0.168-4.5.3
fixed
suse enterprise sap 15 SP2
0.168-4.5.3
fixed
suse enterprise sap 15 SP3
0.168-4.5.3
fixed
suse enterprise server 15
0.168-4.5.3
fixed
suse enterprise server 15 SP1
0.168-4.5.3
fixed
suse enterprise server 15 SP2
0.168-4.5.3
fixed
suse enterprise server 15 SP3
0.168-4.5.3
fixed
libasm-devel
suse enterprise desktop 15
0.168-4.5.3
fixed
suse enterprise desktop 15 SP1
0.168-4.5.3
fixed
suse enterprise desktop 15 SP2
0.168-4.5.3
fixed
suse enterprise desktop 15 SP3
0.168-4.5.3
fixed
suse enterprise sap 15
0.168-4.5.3
fixed
suse enterprise sap 15 SP1
0.168-4.5.3
fixed
suse enterprise sap 15 SP2
0.168-4.5.3
fixed
suse enterprise sap 15 SP3
0.168-4.5.3
fixed
suse enterprise server 15
0.168-4.5.3
fixed
suse enterprise server 15 SP1
0.168-4.5.3
fixed
suse enterprise server 15 SP2
0.168-4.5.3
fixed
suse enterprise server 15 SP3
0.168-4.5.3
fixed
libasm1
suse enterprise desktop 15
0.168-4.5.3
fixed
suse enterprise desktop 15 SP1
0.168-4.5.3
fixed
suse enterprise desktop 15 SP2
0.168-4.5.3
fixed
suse enterprise desktop 15 SP3
0.168-4.5.3
fixed
suse enterprise sap 12 SP3
0.158-7.7.2
fixed
suse enterprise sap 12 SP4
0.158-7.7.2
fixed
suse enterprise sap 12 SP5
0.158-7.7.2
fixed
suse enterprise sap 15
0.168-4.5.3
fixed
suse enterprise sap 15 SP1
0.168-4.5.3
fixed
suse enterprise sap 15 SP2
0.168-4.5.3
fixed
suse enterprise sap 15 SP3
0.168-4.5.3
fixed
suse enterprise server 12 SP3
0.158-7.7.2
fixed
suse enterprise server 12 SP4
0.158-7.7.2
fixed
suse enterprise server 12 SP5
0.158-7.7.2
fixed
suse enterprise server 15
0.168-4.5.3
fixed
suse enterprise server 15 SP1
0.168-4.5.3
fixed
suse enterprise server 15 SP2
0.168-4.5.3
fixed
suse enterprise server 15 SP3
0.168-4.5.3
fixed
libasm1-32bit
suse enterprise sap 12 SP3
0.158-7.7.2
fixed
suse enterprise sap 12 SP4
0.158-7.7.2
fixed
suse enterprise sap 12 SP5
0.158-7.7.2
fixed
suse enterprise server 12 SP3
0.158-7.7.2
fixed
suse enterprise server 12 SP4
0.158-7.7.2
fixed
suse enterprise server 12 SP5
0.158-7.7.2
fixed
libdw-devel
suse enterprise desktop 15
0.168-4.5.3
fixed
suse enterprise desktop 15 SP1
0.168-4.5.3
fixed
suse enterprise desktop 15 SP2
0.168-4.5.3
fixed
suse enterprise desktop 15 SP3
0.168-4.5.3
fixed
suse enterprise sap 15
0.168-4.5.3
fixed
suse enterprise sap 15 SP1
0.168-4.5.3
fixed
suse enterprise sap 15 SP2
0.168-4.5.3
fixed
suse enterprise sap 15 SP3
0.168-4.5.3
fixed
suse enterprise server 15
0.168-4.5.3
fixed
suse enterprise server 15 SP1
0.168-4.5.3
fixed
suse enterprise server 15 SP2
0.168-4.5.3
fixed
suse enterprise server 15 SP3
0.168-4.5.3
fixed
libdw1
suse enterprise desktop 15
0.168-4.5.3
fixed
suse enterprise desktop 15 SP1
0.168-4.5.3
fixed
suse enterprise desktop 15 SP2
0.168-4.5.3
fixed
suse enterprise desktop 15 SP3
0.168-4.5.3
fixed
suse enterprise sap 12 SP3
0.158-7.7.2
fixed
suse enterprise sap 12 SP4
0.158-7.7.2
fixed
suse enterprise sap 12 SP5
0.158-7.7.2
fixed
suse enterprise sap 15
0.168-4.5.3
fixed
suse enterprise sap 15 SP1
0.168-4.5.3
fixed
suse enterprise sap 15 SP2
0.168-4.5.3
fixed
suse enterprise sap 15 SP3
0.168-4.5.3
fixed
suse enterprise server 12 SP3
0.158-7.7.2
fixed
suse enterprise server 12 SP4
0.158-7.7.2
fixed
suse enterprise server 12 SP5
0.158-7.7.2
fixed
suse enterprise server 15
0.168-4.5.3
fixed
suse enterprise server 15 SP1
0.168-4.5.3
fixed
suse enterprise server 15 SP2
0.168-4.5.3
fixed
suse enterprise server 15 SP3
0.168-4.5.3
fixed
libdw1-32bit
suse enterprise desktop 15
0.168-4.5.3
fixed
suse enterprise desktop 15 SP1
0.168-4.5.3
fixed
suse enterprise desktop 15 SP2
0.168-4.5.3
fixed
suse enterprise desktop 15 SP3
0.168-4.5.3
fixed
suse enterprise sap 12 SP3
0.158-7.7.2
fixed
suse enterprise sap 12 SP4
0.158-7.7.2
fixed
suse enterprise sap 12 SP5
0.158-7.7.2
fixed
suse enterprise sap 15
0.168-4.5.3
fixed
suse enterprise sap 15 SP1
0.168-4.5.3
fixed
suse enterprise sap 15 SP2
0.168-4.5.3
fixed
suse enterprise sap 15 SP3
0.168-4.5.3
fixed
suse enterprise server 12 SP3
0.158-7.7.2
fixed
suse enterprise server 12 SP4
0.158-7.7.2
fixed
suse enterprise server 12 SP5
0.158-7.7.2
fixed
suse enterprise server 15
0.168-4.5.3
fixed
suse enterprise server 15 SP1
0.168-4.5.3
fixed
suse enterprise server 15 SP2
0.168-4.5.3
fixed
suse enterprise server 15 SP3
0.168-4.5.3
fixed
libdwarves-devel
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
libdwarves-devel-32bit
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
libdwarves1
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
libdwarves1-32bit
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
libebl-devel
suse enterprise desktop 15
0.168-4.5.3
fixed
suse enterprise desktop 15 SP1
0.168-4.5.3
fixed
suse enterprise desktop 15 SP2
0.168-4.5.3
fixed
suse enterprise desktop 15 SP3
0.168-4.5.3
fixed
suse enterprise sap 15
0.168-4.5.3
fixed
suse enterprise sap 15 SP1
0.168-4.5.3
fixed
suse enterprise sap 15 SP2
0.168-4.5.3
fixed
suse enterprise sap 15 SP3
0.168-4.5.3
fixed
suse enterprise server 15
0.168-4.5.3
fixed
suse enterprise server 15 SP1
0.168-4.5.3
fixed
suse enterprise server 15 SP2
0.168-4.5.3
fixed
suse enterprise server 15 SP3
0.168-4.5.3
fixed
libebl-plugins
suse enterprise desktop 15
0.168-4.5.3
fixed
suse enterprise desktop 15 SP1
0.168-4.5.3
fixed
suse enterprise desktop 15 SP2
0.168-4.5.3
fixed
suse enterprise desktop 15 SP3
0.168-4.5.3
fixed
suse enterprise sap 15
0.168-4.5.3
fixed
suse enterprise sap 15 SP1
0.168-4.5.3
fixed
suse enterprise sap 15 SP2
0.168-4.5.3
fixed
suse enterprise sap 15 SP3
0.168-4.5.3
fixed
suse enterprise server 15
0.168-4.5.3
fixed
suse enterprise server 15 SP1
0.168-4.5.3
fixed
suse enterprise server 15 SP2
0.168-4.5.3
fixed
suse enterprise server 15 SP3
0.168-4.5.3
fixed
libebl-plugins-32bit
suse enterprise desktop 15
0.168-4.5.3
fixed
suse enterprise desktop 15 SP1
0.168-4.5.3
fixed
suse enterprise desktop 15 SP2
0.168-4.5.3
fixed
suse enterprise desktop 15 SP3
0.168-4.5.3
fixed
suse enterprise sap 15
0.168-4.5.3
fixed
suse enterprise sap 15 SP1
0.168-4.5.3
fixed
suse enterprise sap 15 SP2
0.168-4.5.3
fixed
suse enterprise sap 15 SP3
0.168-4.5.3
fixed
suse enterprise server 15
0.168-4.5.3
fixed
suse enterprise server 15 SP1
0.168-4.5.3
fixed
suse enterprise server 15 SP2
0.168-4.5.3
fixed
suse enterprise server 15 SP3
0.168-4.5.3
fixed
libebl1
suse enterprise sap 12 SP3
0.158-7.7.2
fixed
suse enterprise sap 12 SP4
0.158-7.7.2
fixed
suse enterprise sap 12 SP5
0.158-7.7.2
fixed
suse enterprise server 12 SP3
0.158-7.7.2
fixed
suse enterprise server 12 SP4
0.158-7.7.2
fixed
suse enterprise server 12 SP5
0.158-7.7.2
fixed
libebl1-32bit
suse enterprise sap 12 SP3
0.158-7.7.2
fixed
suse enterprise sap 12 SP4
0.158-7.7.2
fixed
suse enterprise sap 12 SP5
0.158-7.7.2
fixed
suse enterprise server 12 SP3
0.158-7.7.2
fixed
suse enterprise server 12 SP4
0.158-7.7.2
fixed
suse enterprise server 12 SP5
0.158-7.7.2
fixed
libelf-devel
suse enterprise desktop 15
0.168-4.5.3
fixed
suse enterprise desktop 15 SP1
0.168-4.5.3
fixed
suse enterprise desktop 15 SP2
0.168-4.5.3
fixed
suse enterprise desktop 15 SP3
0.168-4.5.3
fixed
suse enterprise sap 12 SP4
0.158-7.7.2
fixed
suse enterprise sap 12 SP5
0.158-7.7.2
fixed
suse enterprise sap 15
0.168-4.5.3
fixed
suse enterprise sap 15 SP1
0.168-4.5.3
fixed
suse enterprise sap 15 SP2
0.168-4.5.3
fixed
suse enterprise sap 15 SP3
0.168-4.5.3
fixed
suse enterprise server 12 SP4
0.158-7.7.2
fixed
suse enterprise server 12 SP5
0.158-7.7.2
fixed
suse enterprise server 15
0.168-4.5.3
fixed
suse enterprise server 15 SP1
0.168-4.5.3
fixed
suse enterprise server 15 SP2
0.168-4.5.3
fixed
suse enterprise server 15 SP3
0.168-4.5.3
fixed
libelf1
suse enterprise desktop 15
0.168-4.5.3
fixed
suse enterprise desktop 15 SP1
0.168-4.5.3
fixed
suse enterprise desktop 15 SP2
0.168-4.5.3
fixed
suse enterprise desktop 15 SP3
0.168-4.5.3
fixed
suse enterprise sap 12 SP3
0.158-7.7.2
fixed
suse enterprise sap 12 SP4
0.158-7.7.2
fixed
suse enterprise sap 12 SP5
0.158-7.7.2
fixed
suse enterprise sap 15
0.168-4.5.3
fixed
suse enterprise sap 15 SP1
0.168-4.5.3
fixed
suse enterprise sap 15 SP2
0.168-4.5.3
fixed
suse enterprise sap 15 SP3
0.168-4.5.3
fixed
suse enterprise server 12 SP3
0.158-7.7.2
fixed
suse enterprise server 12 SP4
0.158-7.7.2
fixed
suse enterprise server 12 SP5
0.158-7.7.2
fixed
suse enterprise server 15
0.168-4.5.3
fixed
suse enterprise server 15 SP1
0.168-4.5.3
fixed
suse enterprise server 15 SP2
0.168-4.5.3
fixed
suse enterprise server 15 SP3
0.168-4.5.3
fixed
libelf1-32bit
suse enterprise desktop 15
0.168-4.5.3
fixed
suse enterprise desktop 15 SP1
0.168-4.5.3
fixed
suse enterprise desktop 15 SP2
0.168-4.5.3
fixed
suse enterprise desktop 15 SP3
0.168-4.5.3
fixed
suse enterprise sap 12 SP3
0.158-7.7.2
fixed
suse enterprise sap 12 SP4
0.158-7.7.2
fixed
suse enterprise sap 12 SP5
0.158-7.7.2
fixed
suse enterprise sap 15
0.168-4.5.3
fixed
suse enterprise sap 15 SP1
0.168-4.5.3
fixed
suse enterprise sap 15 SP2
0.168-4.5.3
fixed
suse enterprise sap 15 SP3
0.168-4.5.3
fixed
suse enterprise server 12 SP3
0.158-7.7.2
fixed
suse enterprise server 12 SP4
0.158-7.7.2
fixed
suse enterprise server 12 SP5
0.158-7.7.2
fixed
suse enterprise server 15
0.168-4.5.3
fixed
suse enterprise server 15 SP1
0.168-4.5.3
fixed
suse enterprise server 15 SP2
0.168-4.5.3
fixed
suse enterprise server 15 SP3
0.168-4.5.3
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
elfutils
RHEL 7
0:0.176-2.el7
fixed
elfutils-default-yama-scope
RHEL 7
0:0.176-2.el7
fixed
elfutils-devel
RHEL 7
0:0.176-2.el7
fixed
elfutils-devel-static
RHEL 7
0:0.176-2.el7
fixed
elfutils-libelf
RHEL 7
0:0.176-2.el7
fixed
elfutils-libelf-devel
RHEL 7
0:0.176-2.el7
fixed
elfutils-libelf-devel-static
RHEL 7
0:0.176-2.el7
fixed
elfutils-libs
RHEL 7
0:0.176-2.el7
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
https://access.redhat.com/errata/RHSA-2019:2197
https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html
https://sourceware.org/bugzilla/show_bug.cgi?id=23541
https://sourceware.org/git/?p=elfutils.git%3Ba=commit%3Bh=29e31978ba51c1051743a503ee325b5ebc03d7e9
https://usn.ubuntu.com/4012-1/
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
https://access.redhat.com/errata/RHSA-2019:2197
https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html
https://sourceware.org/bugzilla/show_bug.cgi?id=23541
https://sourceware.org/git/?p=elfutils.git%3Ba=commit%3Bh=29e31978ba51c1051743a503ee325b5ebc03d7e9
https://usn.ubuntu.com/4012-1/