CVE-2017-7612

Published: 09 April 2017

The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
elfutils Launchpad, Ubuntu, Debian	Upstream	Needed


	Ubuntu 21.04 (Hirsute Hippo)	Released (0.170-0.4)
	Ubuntu 20.04 LTS (Focal Fossa)	Released (0.170-0.4)
	Ubuntu 18.04 LTS (Bionic Beaver)	Released (0.170-0.4)
	Ubuntu 16.04 ESM (Xenial Xerus)	Released (0.165-3ubuntu1.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (0.158-0ubuntu5.3)
	Patches: Upstream: https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=61fe61898747f63eb35a81c2261f3590a3dab8fd

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7612
https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/
https://ubuntu.com/security/notices/USN-3670-1
NVD
Launchpad
Debian

Bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=21311
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859991

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›