**DISPUTED** An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted ELF input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens."

Published: 2019-01-29 00:29

Updated: 2019-03-25 20:29

CVSS Score: 4.3 / 10

| Vendor | Product | Version | URI |
| --- | --- | --- | --- |
| Elfutils Project | Elfutils | 0.174 | cpe:/a:elfutils_project:elfutils:0.174 |

| ID | Name | Description |
| --- | --- | --- |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. |

History of changes

Date Event
2019-03-25 20:29
2019-01-29 20:33
2019-01-29 00:29