CVE

CVE-2022-21711

Out-of-bounds Read lead to application crashes or information leakage in ELF parsing.

CVE

CVE-2022-21711

Out-of-bounds Read lead to application crashes or information leakage in ELF parsing.

elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.1

3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Related Resources

No items found.

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21711.json, https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608, https://github.com/liyansong2018/elfspirit/issues/1, https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r, https://nvd.nist.gov/vuln/detail/CVE-2022-21711

Severity

7.1

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.1

EPSS Probability

0.00221%

EPSS Percentile

0.44418%

Introduced Version

Fix Available

c5b0f5a9a24f2451bbeda4751d67633bc375e608

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2022-21711

CVE-2022-21711

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.1

Basic Information

Fix Critical Vulnerabilities Instantly