CVE-2019-7149

A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
elfutils_projectelfutils
0.175
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
elfutils
bookworm
0.188-2.1
fixed
bullseye
0.183-1
fixed
sid
0.192-4
fixed
stretch
no-dsa
trixie
0.192-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
elfutils
bionic
Fixed 0.170-0.4ubuntu0.1
released
cosmic
Fixed 0.170-0.5.0ubuntu1.1
released
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
trusty
Fixed 0.158-0ubuntu5.3+esm1
released
xenial
Fixed 0.165-3ubuntu1.2
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
dwarves
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
elfutils
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
elfutils-lang
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libasm-devel
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libasm1
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libdw-devel
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libdw1
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libdw1-32bit
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libdwarves-devel
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
libdwarves-devel-32bit
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
libdwarves1
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
libdwarves1-32bit
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
libebl-devel
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
libebl-plugins
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
libebl-plugins-32bit
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
libelf-devel
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libelf1
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libelf1-32bit
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
elfutils
RHEL 7
0:0.176-2.el7
fixed
RHEL 8
0:0.176-5.el8
fixed
elfutils-default-yama-scope
RHEL 7
0:0.176-2.el7
fixed
RHEL 8
0:0.176-5.el8
fixed
elfutils-devel
RHEL 7
0:0.176-2.el7
fixed
RHEL 8
0:0.176-5.el8
fixed
elfutils-devel-static
RHEL 7
0:0.176-2.el7
fixed
RHEL 8
0:0.176-5.el8
fixed
elfutils-libelf
RHEL 7
0:0.176-2.el7
fixed
RHEL 8
0:0.176-5.el8
fixed
elfutils-libelf-devel
RHEL 7
0:0.176-2.el7
fixed
RHEL 8
0:0.176-5.el8
fixed
elfutils-libelf-devel-static
RHEL 7
0:0.176-2.el7
fixed
RHEL 8
0:0.176-5.el8
fixed
elfutils-libs
RHEL 7
0:0.176-2.el7
fixed
RHEL 8
0:0.176-5.el8
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2019:2197
https://access.redhat.com/errata/RHSA-2019:3575
https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html
https://sourceware.org/bugzilla/show_bug.cgi?id=24102
https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html
https://usn.ubuntu.com/4012-1/
https://access.redhat.com/errata/RHSA-2019:2197
https://access.redhat.com/errata/RHSA-2019:3575
https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html
https://sourceware.org/bugzilla/show_bug.cgi?id=24102
https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html
https://usn.ubuntu.com/4012-1/