← volver
CVE-2022-21711

Out-of-bounds Read lead to application crashes or information leakage in ELF parsing.

CVSS 7.1 HIGHEPSS 0.9%CWE-125
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.1EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
24 ene 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Productos afectados
liyansong2018 · elfspirit