libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
The product calls free() twice on the same memory address.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Elfutils | Elfutils_project | 0.173 (including) | 0.173 (including) |
| Red Hat Ansible Tower 3.4 for RHEL 7 | RedHat | ansible-tower-34/ansible-tower-memcached:1.4.15-28 | * |
| Red Hat Ansible Tower 3.4 for RHEL 7 | RedHat | ansible-tower-35/ansible-tower-memcached:1.4.15-28 | * |
| Red Hat Ansible Tower 3.4 for RHEL 7 | RedHat | ansible-tower-37/ansible-tower-memcached-rhel7:1.4.15-28 | * |
| Red Hat Enterprise Linux 7 | RedHat | elfutils-0:0.176-2.el7 | * |
| Red Hat Enterprise Linux 7.6 Extended Update Support | RedHat | elfutils-0:0.172-4.el7_6 | * |
| Elfutils | Ubuntu | bionic | * |
| Elfutils | Ubuntu | cosmic | * |
| Elfutils | Ubuntu | esm-infra/bionic | * |
| Elfutils | Ubuntu | esm-infra/xenial | * |
| Elfutils | Ubuntu | precise/esm | * |
| Elfutils | Ubuntu | trusty | * |
| Elfutils | Ubuntu | upstream | * |
| Elfutils | Ubuntu | xenial | * |