GNU elfutils eu-readelf libdw_alloc.c __libdw_thread_tail memory corruption

A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

内存缓冲区边界内操作的限制不恰当

Elfutils 缓冲区错误漏洞

Elfutils是Cuviper个人开发者的一套用于读取、创建和修改ELF二进制文件的实用程序和库的集合。 Elfutils 0.192版本存在缓冲区错误漏洞，该漏洞源于libdw_alloc.c文件中的__libdw_thread_tail函数，对参数w的操纵导致内存损坏。

N/A

N/A