Description
A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue.
CVSS breakdown
CVSS 4.0
Attack Vector
Local
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
Confidentiality (Vulnerable System)
None
Integrity (Vulnerable System)
None
Availability (Vulnerable System)
Low
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Affected products
- gnu / elfutils0.192 – 0.192
References
- MISChttps://vuldb.com/?id.295978
- MISChttps://vuldb.com/?ctiid.295978
- MISChttps://vuldb.com/?submit.496484
- MISChttps://sourceware.org/bugzilla/show_bug.cgi?id=32655
- MISChttps://sourceware.org/bugzilla/attachment.cgi?id=15926
- MISChttps://sourceware.org/bugzilla/show_bug.cgi?id=32655#c2
- MISChttps://www.gnu.org/