
CVE-2017-7609

Published: 9 April 2017

elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

Notes

Author: tyhicks
Note: Support for compressed sections was first introduced in 0.165
Priority

Medium

CVSS 3 base score: 5.5

Status

Package: elfutils (Launchpad, Ubuntu, Debian)

Release: Status
artful: Released (0.170-0.1)
bionic: Released (0.170-0.4)
precise: Not vulnerable
trusty: Not vulnerable (0.158-0ubuntu5.2)
upstream: Needed
xenial: Released (0.165-3ubuntu1.1)
yakkety: Ignored (reached end-of-life)
zesty: Ignored (reached end-of-life)

Patches:
upstream: https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=8dcc4bf791469a32c3a09ebcc23b309bf75c795f