Wind River Support Network

HomeDefectsLIN1018-2780
Fixed

LIN1018-2780 : Security Advisory - elfutils - CVE-2018-18310

Created: Oct 29, 2018    Updated: Mar 7, 2019
Resolved Date: Feb 21, 2019
Found In Version: unknown
Fix Version: 10.18.44.4
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Userspace

Description

A vulnerability in the libdwfl library of elfutils could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists in the dwfl_segment_report_module.c source code file in the libdwfl library of the affected software and is due to improper handling of Executable and Linkable Format (ELF) files. An attacker could exploit this vulnerability by sending an ELF file that submits malicious input to the targeted system and by executing the eu-stack command. A successful exploit could trigger a segmentation fault and cause the affected application to crash, resulting in a DoS condition.

CVEs


Live chat
Online