|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-1: CVE-2019-7664: elfutils: negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Robert Frohl <rfrohl> |
| Component: | Incidents | Assignee: | Martin Liška <martin.liska> |
| Status: | RESOLVED INVALID | QA Contact: | Security Team bot <security-team> |
| Severity: | Minor | ||
| Priority: | P4 - Low | CC: | abergmann, jmoreira, smash_bz |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/224492/ | ||
| Whiteboard: | CVSSv3:SUSE:CVE-2019-7664:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | QA Reproducer | ||
|
Description
Robert Frohl
2019-02-11 15:19:44 UTC
Even though the code in all version we ship is different, I believe all codestreams are affected by looking at the upstream change [0]: - SUSE:SLE-11-SP1:Update - SUSE:SLE-11-SP2:Update - SUSE:SLE-12:Update - SUSE:SLE-15:Update [0] https://sourceware.org/bugzilla/show_bug.cgi?id=24084#c1 Created attachment 796583 [details]
QA Reproducer
$ eu-elflint -d POC
[..]
Segmentation fault (core dumped)
Reproducer does not work with version 0.168 of elfutils. I wasn't able to reproduce the bug in any of the code streams. SLE15: Not reproduced SLE12: Not reproduced SLE11-SP2: Not reproduced SLE11-SP1: Not reproduced -> reassign to current maintainer _> closing as not for us |