CVE-2018-16062

Published: 28 August 2018

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
elfutils Launchpad, Ubuntu, Debian	bionic	Released (0.170-0.4ubuntu0.1)
	cosmic	Released (0.170-0.5.0ubuntu1.1)
	disco	Not vulnerable (0.176-1)
	eoan	Not vulnerable (0.176-1.1)
	focal	Not vulnerable (0.176-1.1)
	groovy	Not vulnerable (0.176-1.1)
	hirsute	Not vulnerable (0.176-1.1)
	impish	Not vulnerable (0.176-1.1)
	jammy	Not vulnerable (0.176-1.1)
	precise	Ignored (end of ESM support, was needs-triage)
	trusty	Needs triage
	upstream	Released (0.175-1)
	xenial	Released (0.165-3ubuntu1.2)
	Patches: upstream: https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›