Vulnerabilities > CVE-2020-21047 - Out-of-bounds Write vulnerability in Elfutils Project Elfutils 0.177

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

elfutils-project

CWE-787

NVD

Published: 2023-08-22

Updated: 2023-11-07

Summary

The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.

Vulnerable Configurations

Part	Description	Count
Application	Elfutils_Project Elfutils Project Elfutils 0.177	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://sourceware.org/bugzilla/show_bug.cgi?id=25068
https://lists.debian.org/debian-lts-announce/2023/09/msg00026.html
https://sourceware.org/git/?p=elfutils.git%3Ba=commitdiff%3Bh=99dc63b10b3878616b85df2dfd2e4e7103e414b8