CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-7609

elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.0%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 4.3

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c
https://security.gentoo.org/glsa/201710-10
https://usn.ubuntu.com/3670-1/
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html
https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c
https://security.gentoo.org/glsa/201710-10
https://usn.ubuntu.com/3670-1/

Products affected by CVE-2017-7609

Elfutils Project » Elfutils » Version: 0.168

cpe:2.3:a:elfutils_project:elfutils:0.168

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-7609

Products

Pricing

Contact Us