CVE-2017-7609

Priority
Medium
Description
elf_compress.c in elfutils 0.168 does not validate the zlib compression
factor, which allows remote attackers to cause a denial of service (memory
consumption) via a crafted ELF file.
References
Bugs
Notes
 tyhicks> Support for compressed sections was first introduced in 0.165
Assigned-to
tyhicks
Package
Upstream:needed
Ubuntu 17.10 (Artful Aardvark):needed
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (0.158-0ubuntu5.2)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 17.04 (Zesty Zapus):needed
Patches:
Upstream:https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=8dcc4bf791469a32c3a09ebcc23b309bf75c795f
More Information

Updated: 2017-08-11 23:26:35 UTC (commit 13081)