CVE-2022-21711
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Summary
elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| liyansong2018 | elfspirit | < 1.1 | affected |
Weaknesses
- CWE-125: CWE-125: Out-of-bounds Read
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r
- https://github.com/liyansong2018/elfspirit/issues/1
- https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r
- https://github.com/liyansong2018/elfspirit/issues/1
- https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.