CVE-2018-18520
19.10.2018, 17:29
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.Enginsight
| Vendor | Product | Version |
|---|---|---|
| elfutils_project | elfutils | 𝑥 ≤ 0.174 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 18.10 |
| opensuse | leap | 15.0 |
| opensuse | leap | 15.1 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| elfutils |
|
Common Weakness Enumeration
References