{"id":"CVE-2020-21047","details":"The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.","modified":"2026-04-09T06:59:16.303855Z","published":"2023-08-22T19:16:09.657Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00026.html"},{"type":"WEB","url":"https://sourceware.org/git/?p=elfutils.git%3Ba=commitdiff%3Bh=99dc63b10b3878616b85df2dfd2e4e7103e414b8"},{"type":"REPORT","url":"https://sourceware.org/bugzilla/show_bug.cgi?id=25068"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://sourceware.org/git/elfutils.git","events":[{"introduced":"0"},{"last_affected":"5643e037cb7a38ed5d52f50421be706ea8014e3d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.177"}]}}],"versions":["elfutils-0.120","elfutils-0.121","elfutils-0.122","elfutils-0.123","elfutils-0.124","elfutils-0.125","elfutils-0.126","elfutils-0.127","elfutils-0.128","elfutils-0.129","elfutils-0.130","elfutils-0.131","elfutils-0.132","elfutils-0.133","elfutils-0.134","elfutils-0.135","elfutils-0.136","elfutils-0.137","elfutils-0.138","elfutils-0.142","elfutils-0.143","elfutils-0.144","elfutils-0.145","elfutils-0.146","elfutils-0.147","elfutils-0.148","elfutils-0.149","elfutils-0.150","elfutils-0.151","elfutils-0.152","elfutils-0.153","elfutils-0.154","elfutils-0.155","elfutils-0.156","elfutils-0.157","elfutils-0.158","elfutils-0.159","elfutils-0.160","elfutils-0.161","elfutils-0.162","elfutils-0.163","elfutils-0.164","elfutils-0.165","elfutils-0.166","elfutils-0.167","elfutils-0.168","elfutils-0.169","elfutils-0.170","elfutils-0.171","elfutils-0.172","elfutils-0.173","elfutils-0.174","elfutils-0.175","elfutils-0.176","elfutils-0.177"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-21047.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}