7.1
CVE-2022-21711
- EPSS 0.88%
- Veröffentlicht 24.01.2022 20:15:08
- Zuletzt bearbeitet 21.11.2024 06:45:17
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginOut-of-bounds Read lead to application crashes or information leakage in ELF parsing.
elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Elfspirit Project ≫ Elfspirit Version < 1.1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.88% | 0.542 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:P
|
| security-advisories@github.com | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608
https://github.com/liyansong2018/elfspirit/issues/1
https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r