CVE Vulnerability

CVE-2022-21711

elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue.

5.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

Scope

7.1 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608 Patch Third Party Advisory
https://github.com/liyansong2018/elfspirit/issues/1 Exploit Issue Tracking
https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:elfspirit_project:elfspirit:*:*:*:*:*:*:*:*
Information

Published : 2022-01-24 08:15

Updated : 2023-02-16 05:07

NVD link : CVE-2022-21711

Mitre link : CVE-2022-21711

Products Affected
No products.
CWE
CWE-125

Out-of-bounds Read