CVE-2019-7664

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
elfutils_projectelfutils
0.175
redhatenterprise_linux
8.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_eus
8.1
redhatenterprise_linux_eus
8.2
redhatenterprise_linux_eus
8.4
redhatenterprise_linux_eus
8.6
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
8.2
redhatenterprise_linux_server_aus
8.4
redhatenterprise_linux_server_aus
8.6
redhatenterprise_linux_server_tus
8.2
redhatenterprise_linux_server_tus
8.4
redhatenterprise_linux_server_tus
8.6
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
elfutils
bookworm
0.188-2.1
fixed
bullseye
0.183-1
fixed
jessie
not-affected
sid
0.192-4
fixed
stretch
not-affected
trixie
0.192-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
elfutils
bionic
not-affected
cosmic
not-affected
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
trusty
not-affected
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
dwarves
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
elfutils
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
elfutils-lang
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libasm-devel
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libasm1
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libdw-devel
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libdw1
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libdw1-32bit
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libdwarves-devel
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
libdwarves-devel-32bit
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
libdwarves1
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
libdwarves1-32bit
suse enterprise desktop 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise sap 15 SP3
1.22-150300.7.3.1
fixed
suse enterprise server 15 SP3
1.22-150300.7.3.1
fixed
libebl-devel
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
libebl-plugins
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
libebl-plugins-32bit
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
libelf-devel
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libelf1
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
libelf1-32bit
suse enterprise desktop 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise desktop 15 SP4
0.185-150400.3.35
fixed
suse enterprise desktop 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise desktop 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise sap 15 SP4
0.185-150400.3.35
fixed
suse enterprise sap 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise sap 15 SP7
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP3
0.177-150300.11.3.1
fixed
suse enterprise server 15 SP4
0.185-150400.3.35
fixed
suse enterprise server 15 SP5
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP6
0.185-150400.5.3.1
fixed
suse enterprise server 15 SP7
0.185-150400.5.3.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
elfutils
RHEL 7
0:0.176-2.el7
fixed
RHEL 8
0:0.176-5.el8
fixed
elfutils-default-yama-scope
RHEL 7
0:0.176-2.el7
fixed
RHEL 8
0:0.176-5.el8
fixed
elfutils-devel
RHEL 7
0:0.176-2.el7
fixed
RHEL 8
0:0.176-5.el8
fixed
elfutils-devel-static
RHEL 7
0:0.176-2.el7
fixed
RHEL 8
0:0.176-5.el8
fixed
elfutils-libelf
RHEL 7
0:0.176-2.el7
fixed
RHEL 8
0:0.176-5.el8
fixed
elfutils-libelf-devel
RHEL 7
0:0.176-2.el7
fixed
RHEL 8
0:0.176-5.el8
fixed
elfutils-libelf-devel-static
RHEL 7
0:0.176-2.el7
fixed
RHEL 8
0:0.176-5.el8
fixed
elfutils-libs
RHEL 7
0:0.176-2.el7
fixed
RHEL 8
0:0.176-5.el8
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2019:2197
https://access.redhat.com/errata/RHSA-2019:3575
https://sourceware.org/bugzilla/show_bug.cgi?id=24084
https://access.redhat.com/errata/RHSA-2019:2197
https://access.redhat.com/errata/RHSA-2019:3575
https://sourceware.org/bugzilla/show_bug.cgi?id=24084