Out-of-bounds Read The advisory has been revoked - it doesn't affect any version of package elfutils  (opens in a new tab)


Threat Intelligence

EPSS
0.1% (44th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIANUNSTABLE-ELFUTILS-600249
  • published19 Aug 2020
  • disclosed18 Mar 2018

Introduced: 18 Mar 2018

CVE-2018-8769  (opens in a new tab)
CWE-125  (opens in a new tab)

Amendment

The Debian security team deemed this advisory irrelevant for Debian:unstable.

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils package and not the elfutils package as distributed by Debian.

elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.