Описание
Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root."
A flaw was found in libbpf. This vulnerability allows a local attacker to execute arbitrary code or cause a denial of service (crash) via a crafted ELF file that triggers a heap buffer overflow.
Отчет
This vulnerability is rated as a moderate severity because here heap buffer overflow vulnerability exists in the bpf_object__init_prog function of libbpf where this issue occurs due to missing boundary checks when copying BPF instructions from a malformed ELF file leading to memory corruption during memcpy and the impact of the issue is a crash of the application using libbpf when it loads a malicious BPF object file, the overflow could allow limited memory corruption.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libbpf | Not affected | ||
| Red Hat Enterprise Linux 8 | libbpf | Not affected | ||
| Red Hat Enterprise Linux 9 | libbpf | Not affected | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.3 High
CVSS3
Связанные уязвимости
Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root."
Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under root."
Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf.
Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker ...
Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog` function of libbpf.
EPSS
7.3 High
CVSS3