CVE-2016-10255

Priority
Description
The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils
before 0.168 allows remote attackers to cause a denial of service (crash)
via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a
memory allocation failure.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (0.168-0.2)
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 ESM (Trusty Tahr):released (0.158-0ubuntu5.3)
Ubuntu 16.04 LTS (Xenial Xerus):released (0.165-3ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (0.168-0.2)
Ubuntu 19.04 (Disco Dingo):released (0.168-0.2))
Ubuntu 19.10 (Eoan Ermine):released (0.168-0.2))
Ubuntu 20.04 (Focal Fossa):released (0.168-0.2))
Patches:
Upstream:https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=09ec02ec7f7e6913d10943148e2a898264345b07
More Information

Updated: 2019-12-05 19:28:33 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)