CVE-2019-7146

In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
elfutils_projectelfutils
0.175
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
elfutils
bookworm
0.188-2.1
fixed
bullseye
0.183-1
fixed
jessie
not-affected
sid
0.192-4
fixed
stretch
not-affected
trixie
0.192-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
elfutils
bionic
not-affected
cosmic
not-affected
disco
not-affected
trusty
not-affected
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
dwarves
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
elfutils
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
elfutils-lang
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libasm-devel
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libasm1
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libdw-devel
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libdw1
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libdw1-32bit
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libdwarves-devel
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
libdwarves-devel-32bit
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
libdwarves1
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
libdwarves1-32bit
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
libebl-devel
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
libebl-plugins
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
libebl-plugins-32bit
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
libelf-devel
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libelf1
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libelf1-32bit
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
elfutils
RHEL 8
0:0.176-5.el8
fixed
elfutils-default-yama-scope
RHEL 8
0:0.176-5.el8
fixed
elfutils-devel
RHEL 8
0:0.176-5.el8
fixed
elfutils-devel-static
RHEL 8
0:0.176-5.el8
fixed
elfutils-libelf
RHEL 8
0:0.176-5.el8
fixed
elfutils-libelf-devel
RHEL 8
0:0.176-5.el8
fixed
elfutils-libelf-devel-static
RHEL 8
0:0.176-5.el8
fixed
elfutils-libs
RHEL 8
0:0.176-5.el8
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2019:3575
https://sourceware.org/bugzilla/show_bug.cgi?id=24075
https://sourceware.org/bugzilla/show_bug.cgi?id=24081
https://access.redhat.com/errata/RHSA-2019:3575
https://sourceware.org/bugzilla/show_bug.cgi?id=24075
https://sourceware.org/bugzilla/show_bug.cgi?id=24081