Vulnerability Details CVE-2019-7146
In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.3%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://access.redhat.com/errata/RHSA-2019:3575
- https://sourceware.org/bugzilla/show_bug.cgi?id=24075
- https://sourceware.org/bugzilla/show_bug.cgi?id=24081
- https://access.redhat.com/errata/RHSA-2019:3575
- https://sourceware.org/bugzilla/show_bug.cgi?id=24075
- https://sourceware.org/bugzilla/show_bug.cgi?id=24081
Products affected by CVE-2019-7146
-
cpe:2.3:a:elfutils_project:elfutils:0.175