Описание
An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbitrary code. It is recommended to upgrade BinDiff 7
Ссылки
- ProductRelease NotesVendor Advisory
- ProductRelease NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.0 (исключая)
cpe:2.3:a:google:bindiff:*:*:*:*:*:*:*:*
EPSS
Процентиль: 19%
0.00059
Низкий
7.5 High
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-416
CWE-416
Связанные уязвимости
github
больше 3 лет назад
An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbitrary code. It is recommended to upgrade BinDiff 7
EPSS
Процентиль: 19%
0.00059
Низкий
7.5 High
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-416
CWE-416