Description
Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the `bpf_object__init_prog` function of libbpf.
A flaw was found in libbpf. This vulnerability allows a local attacker to execute arbitrary code or cause a denial of service (crash) via a crafted ELF file that triggers a heap buffer overflow.
Report
This vulnerability is rated as moderate severity. A heap buffer overflow exists in the `bpf_object__init_prog` function of libbpf; it occurs because boundary checks are missing when BPF instructions are copied from a malformed ELF file, which leads to memory corruption during `memcpy`. The impact is a crash of the application using libbpf when it loads a malicious BPF object file; the overflow could allow limited memory corruption.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | libbpf | Not affected | | |
Red Hat Enterprise Linux 8 | libbpf | Not affected | | |
Red Hat Enterprise Linux 9 | libbpf | Not affected | | |
Red Hat OpenShift Container Platform 4 | rhcos | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 7.3 High
Related vulnerabilities
Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the `bpf_object__init_prog` function of libbpf.