CVE-2014-0172
Description
Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.
Risk Information
Base Score
8.4
MODERATE
Vector
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.832
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| collection of utilities to handle ELF objects (USN-2188-1) libdw1_0.158-0ubuntu5.2_i386.deb | Linux |
| collection of utilities to handle ELF objects (USN-2188-1) libdw1_0.158-0ubuntu5.2_amd64.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234