CVE-2022-21711 Information

Description

elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. In versions prior to 1.1, there is an out-of-bounds read bug in the code that analyzes the ELF file format, which can lead to application crashes or information leakage. By constructing a specially formatted ELF file, the information at any address can be leaked. elfspirit version 1.1 contains a patch for this issue.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Reference

https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608

https://github.com/liyansong2018/elfspirit/issues/1

https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

7.1

Base Severity

HIGH
