1625055 – (CVE-2018-16403) CVE-2018-16403 elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash

Bug 1625055 (CVE-2018-16403) - CVE-2018-16403 elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash

Summary: CVE-2018-16403 elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2018-16403
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1625056 1625057 1625418 1625419 1625420
Blocks:	1625054
TreeView+	depends on / blocked

Reported:	2018-09-04 04:45 UTC by Sam Fowler
Modified:	2019-09-29 14:57 UTC (History)
CC List:	23 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-08-06 13:19:17 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2019:2197	0	None	None	None	2019-08-06 12:27:06 UTC

Description Sam Fowler 2018-09-04 04:45:51 UTC

Elfutils through version 0.173 is vulnerable to a heap-based buffer over-read due to incorrect checks for the end of attribute lists in the libdw/dwarf_getabbrev.c:__libdw_getabbrev() and libdw/dwarf_hasattr.c:dwarf_hasattr() functions. An attacker could exploit this to cause a crash via a crafted ELF.


Upstream Bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=23529


Upstream Patch:

https://sourceware.org/git/?p=elfutils.git;a=patch;h=6983e59b727458a6c64d9659c85f08218bc4fcda

Comment 1 Sam Fowler 2018-09-04 04:46:40 UTC

Created elfutils tracking bugs for this issue:

Affects: fedora-all [bug 1625056]

Comment 6 errata-xmlrpc 2019-08-06 12:27:04 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2197 https://access.redhat.com/errata/RHSA-2019:2197

Comment 7 Product Security DevOps Team 2019-08-06 13:19:17 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-16403

Note You need to log in before you can comment on or make changes to this bug.

abhgupta
bmcclain
dbaker
dblechte
dfediuck
drepper
eedri
fche
jakub
jokerman
kanderso
mcermak
me
mgoldboi
michal.skrivanek
mjw
mjw
mnewsome
ohudlick
sbonazzo
sherold
sthangav
trankin