CVE-2019-7664

moderate-risk

Published 2019-02-09

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).

Do I need to act?

0.34% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (15)

Elfutils

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Affected Vendors

Redhat Elfutils Project

References (6)

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2197

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3575

Exploit https://sourceware.org/bugzilla/show_bug.cgi?id=24084

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2197

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3575

Exploit https://sourceware.org/bugzilla/show_bug.cgi?id=24084

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 18/34 · Moderate