CVE-2022-21711

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-21711
elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608 Patch Third Party Advisory
https://github.com/liyansong2018/elfspirit/issues/1 Exploit Issue Tracking Third Party Advisory
https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r Patch Third Party Advisory
https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608 Patch Third Party Advisory
https://github.com/liyansong2018/elfspirit/issues/1 Exploit Issue Tracking Third Party Advisory
https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:elfspirit_project:elfspirit:*:*:*:*:*:*:*:*
History

21 Nov 2024, 06:45

Type Values Removed Values Added
References () https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608 - Patch, Third Party Advisory () https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608 - Patch, Third Party Advisory
References () https://github.com/liyansong2018/elfspirit/issues/1 - Exploit, Issue Tracking, Third Party Advisory () https://github.com/liyansong2018/elfspirit/issues/1 - Exploit, Issue Tracking, Third Party Advisory
References () https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r - Patch, Third Party Advisory () https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r - Patch, Third Party Advisory

28 Jan 2022, 19:03

Type Values Removed Values Added
CWE CWE-125
CPE cpe:2.3:a:elfspirit_project:elfspirit:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : 5.8
v3 : 7.1
References (MISC) https://github.com/liyansong2018/elfspirit/issues/1 - (MISC) https://github.com/liyansong2018/elfspirit/issues/1 - Exploit, Issue Tracking, Third Party Advisory
References (MISC) https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608 - (MISC) https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608 - Patch, Third Party Advisory
References (CONFIRM) https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r - (CONFIRM) https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r - Patch, Third Party Advisory

24 Jan 2022, 20:24

Type Values Removed Values Added
New CVE
Information

Published : 2022-01-24 20:15

Updated : 2024-11-21 06:45

NVD link : CVE-2022-21711

Mitre link : CVE-2022-21711

CVE.ORG link : CVE-2022-21711

JSON object : View

Products Affected

elfspirit_project

  • elfspirit
CWE
CWE-125

Out-of-bounds Read