Search

Find a vulnerability

Search criteria

    2 vulnerabilities by liyansong2018

    CVE-2022-21711 (GCVE-0-2022-21711)

    Vulnerability from nvd – Published: 2022-01-24 19:50 – Updated: 2025-04-22 18:32
    VLAI
    Title
    Out-of-bounds Read lead to application crashes or information leakage in ELF parsing.
    Summary
    elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:53:34.800Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/liyansong2018/elfspirit/issues/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-21711",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T15:51:56.227965Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T18:32:37.135Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "elfspirit",
              "vendor": "liyansong2018",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-24T19:50:11.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/liyansong2018/elfspirit/issues/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608"
            }
          ],
          "source": {
            "advisory": "GHSA-jr8h-2657-m68r",
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds Read lead to application crashes or information leakage in ELF parsing.",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2022-21711",
              "STATE": "PUBLIC",
              "TITLE": "Out-of-bounds Read lead to application crashes or information leakage in ELF parsing."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "elfspirit",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "liyansong2018"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125: Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r"
                },
                {
                  "name": "https://github.com/liyansong2018/elfspirit/issues/1",
                  "refsource": "MISC",
                  "url": "https://github.com/liyansong2018/elfspirit/issues/1"
                },
                {
                  "name": "https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608",
                  "refsource": "MISC",
                  "url": "https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-jr8h-2657-m68r",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2022-21711",
        "datePublished": "2022-01-24T19:50:11.000Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2025-04-22T18:32:37.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-21711 (GCVE-0-2022-21711)

    Vulnerability from cvelistv5 – Published: 2022-01-24 19:50 – Updated: 2025-04-22 18:32
    VLAI
    Title
    Out-of-bounds Read lead to application crashes or information leakage in ELF parsing.
    Summary
    elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:53:34.800Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/liyansong2018/elfspirit/issues/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-21711",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-22T15:51:56.227965Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T18:32:37.135Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "elfspirit",
              "vendor": "liyansong2018",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-24T19:50:11.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/liyansong2018/elfspirit/issues/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608"
            }
          ],
          "source": {
            "advisory": "GHSA-jr8h-2657-m68r",
            "discovery": "UNKNOWN"
          },
          "title": "Out-of-bounds Read lead to application crashes or information leakage in ELF parsing.",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2022-21711",
              "STATE": "PUBLIC",
              "TITLE": "Out-of-bounds Read lead to application crashes or information leakage in ELF parsing."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "elfspirit",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "liyansong2018"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125: Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r"
                },
                {
                  "name": "https://github.com/liyansong2018/elfspirit/issues/1",
                  "refsource": "MISC",
                  "url": "https://github.com/liyansong2018/elfspirit/issues/1"
                },
                {
                  "name": "https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608",
                  "refsource": "MISC",
                  "url": "https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-jr8h-2657-m68r",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2022-21711",
        "datePublished": "2022-01-24T19:50:11.000Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2025-04-22T18:32:37.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }