CVE-2017-7613

Published: 09 April 2017

elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
elfutils Launchpad, Ubuntu, Debian	Upstream	Needed


	Ubuntu 21.04 (Hirsute Hippo)	Released (0.170-0.4)
	Ubuntu 20.04 LTS (Focal Fossa)	Released (0.170-0.4)
	Ubuntu 18.04 LTS (Bionic Beaver)	Released (0.170-0.4)
	Ubuntu 16.04 ESM (Xenial Xerus)	Released (0.165-3ubuntu1.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (0.158-0ubuntu5.3)
	Patches: Upstream: https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=4314716cd498bb51639db717bd7ce6182de33322

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7613
https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/
https://ubuntu.com/security/notices/USN-3670-1
NVD
Launchpad
Debian

Bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=21312
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859990

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›