CVE-2018-16402

CRITICAL

Elfutils - Double Free

Title source: rule

Description

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.

References (6)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2197

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html

[Exploit, Issue Tracking, Third Party Advisory] https://sourceware.org/bugzilla/show_bug.cgi?id=23528

[Third Party Advisory] https://usn.ubuntu.com/4012-1/

[Mailing List] https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E

Scores

CVSS v3 9.8

EPSS 0.0152

EPSS Percentile 81.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (10)

elfutils_project/elfutils

debian/debian_linux

redhat/enterprise_linux_desktop

redhat/enterprise_linux_server

redhat/enterprise_linux_workstation

opensuse/leap

canonical/ubuntu_linux

Timeline

Published Sep 03, 2018

Tracked Since Feb 18, 2026