CVE-2020-21047 - Out-of-bounds Write vulnerability in Elfutils Project Elfutils 0.177
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH

Summary
The libcpu component, which is used by libasm in elfutils version 0.177 (git 47780c9e), suffers from a denial-of-service vulnerability in which the application crashes due to an out-of-bounds write (CWE-787), an off-by-one error (CWE-193) and a reachable assertion (CWE-617). To exploit the vulnerability, an attacker needs to craft certain ELF files that bypass the missing bounds checks.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
References
- https://lists.debian.org/debian-lts-announce/2023/09/msg00026.html
- https://sourceware.org/bugzilla/show_bug.cgi?id=25068
- https://sourceware.org/git/?p=elfutils.git%3Ba=commitdiff%3Bh=99dc63b10b3878616b85df2dfd2e4e7103e414b8