ALT-PU-2014-2479-1
Closed vulnerabilities
Published: 2014-04-11
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-0172
Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.
Severity: MEDIUM (6.8)
References:
- [oss-security] 20140409 Heap-based buffer overflow in libdw/elfutils (CVE-2014-0172)
- [oss-security] 20140409 Heap-based buffer overflow in libdw/elfutils (CVE-2014-0172)
- 66714
- 66714
- USN-2188-1
- USN-2188-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1085663
- https://bugzilla.redhat.com/show_bug.cgi?id=1085663
- [elfutils-devel] 20140409 [PATCH] CVE-2014-0172 Check for overflow before calling malloc to uncompress data.
- [elfutils-devel] 20140409 [PATCH] CVE-2014-0172 Check for overflow before calling malloc to uncompress data.
- GLSA-201612-32
- GLSA-201612-32