QwikSec

Security Database

CVE

CWE

Training

CVE-2018-18310

Published: Oct 15, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://sourceware.org/bugzilla/show_bug.cgi?id=23752

x_refsource_MISC

[debian-lts-announce] 20190225 [SECURITY] [DLA 1689-1] elfutils security update

mailing-list

x_refsource_MLIST

https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2019:1590

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

[debian-lts-announce] 20211030 [SECURITY] [DLA 2802-1] elfutils security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.