Home > Vulnerability Database > CVE-2022-21711

Mend.io Vulnerability Database

CVE-2022-21711

Good to know:

Date: January 24, 2022

elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue.

Language: C

Severity Score

7.1

Related Resources (5)

Url: https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608

Url: https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-21711

Url: https://github.com/liyansong2018/elfspirit/issues/1

Url: https://www.mend.io/vulnerability-database/CVE-2022-21711

Severity Score

7.1

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

Top Fix

Upgrade Version

Upgrade to version 1.1

Learn More

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-21711

Good to know:

Date: January 24, 2022

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?