libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Elfutils | Elfutils_project | 0.173 (including) | 0.173 (including) |
| Red Hat Ansible Tower 3.4 for RHEL 7 | RedHat | ansible-tower-34/ansible-tower-memcached:1.4.15-28 | * |
| Red Hat Ansible Tower 3.4 for RHEL 7 | RedHat | ansible-tower-35/ansible-tower-memcached:1.4.15-28 | * |
| Red Hat Ansible Tower 3.4 for RHEL 7 | RedHat | ansible-tower-37/ansible-tower-memcached-rhel7:1.4.15-28 | * |
| Red Hat Enterprise Linux 7 | RedHat | elfutils-0:0.176-2.el7 | * |
| Red Hat Enterprise Linux 7.6 Extended Update Support | RedHat | elfutils-0:0.172-4.el7_6 | * |
| Elfutils | Ubuntu | bionic | * |
| Elfutils | Ubuntu | cosmic | * |
| Elfutils | Ubuntu | precise/esm | * |
| Elfutils | Ubuntu | trusty | * |
| Elfutils | Ubuntu | upstream | * |
| Elfutils | Ubuntu | xenial | * |