CVE-2016-10255

Published: Mar 23, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

USN-3670-1

vendor-advisory

x_refsource_UBUNTU

https://bugzilla.redhat.com/show_bug.cgi?id=1387584

x_refsource_CONFIRM

GLSA-201710-10

vendor-advisory

x_refsource_GENTOO

[oss-security] 20170322 Re: elfutils: memory allocation failure in __libelf_set_rawdata_wrlock (elf_getdata.c)

mailing-list

x_refsource_MLIST

[elfutils-devel] 20161021 [PATCH] libelf: Sanity check offset and size before trying to malloc and read data.

mailing-list

x_refsource_MLIST

https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-10255

Description

Affected Products

References