Vulnerabilities > CVE-2020-21047 - Out-of-bounds Write vulnerability in Elfutils Project Elfutils 0.177

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
elfutils-project
CWE-787

Summary

The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.

Vulnerable Configurations

Part Description Count
Application
Elfutils_Project
1

Common Weakness Enumeration (CWE)