Vulnerability Description
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Elfutils Project | Elfutils | 0.175 |
| Redhat | Enterprise Linux | 8.0 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Eus | 8.1 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Server Aus | 8.2 |
| Redhat | Enterprise Linux Server Tus | 8.2 |
| Redhat | Enterprise Linux Workstation | 7.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2019:2197Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:3575Third Party Advisory
- https://sourceware.org/bugzilla/show_bug.cgi?id=24084ExploitIssue TrackingThird Party Advisory
- https://access.redhat.com/errata/RHSA-2019:2197Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:3575Third Party Advisory
- https://sourceware.org/bugzilla/show_bug.cgi?id=24084ExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2019-7664?
CVE-2019-7664 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial ...
How severe is CVE-2019-7664?
CVE-2019-7664 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-7664?
Check the references section above for vendor advisories and patch information. Affected products include: Elfutils Project Elfutils, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server.