Wind River Support Network

HomeDefectsLIN6-15082
Fixed

LIN6-15082 : Security Advisory - elfutils - CVE-2018-18310

Created: Oct 29, 2018    Updated: Dec 16, 2018
Resolved Date: Nov 18, 2018
Found In Version: 6.0.0.37
Fix Version: 6.0.0.38
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

A vulnerability in the libdwfl library of elfutils could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists in the dwfl_segment_report_module.c source code file in the libdwfl library of the affected software and is due to improper handling of Executable and Linkable Format (ELF) files. An attacker could exploit this vulnerability by sending an ELF file that submits malicious input to the targeted system and by executing the eu-stack command. A successful exploit could trigger a segmentation fault and cause the affected application to crash, resulting in a DoS condition.

Other Downloads


Live chat
Online