Описание
elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue.
Ссылки
- PatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.0 (исключая)
cpe:2.3:a:elfspirit_project:elfspirit:*:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00362
Низкий
7.1 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-125
CWE-125
EPSS
Процентиль: 58%
0.00362
Низкий
7.1 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-125
CWE-125