Home > Vulnerability Database > WS-2023-0012

Mend.io Vulnerability Database

WS-2023-0012

Good to know:

Date: November 3, 2024

The crate elf has several unsafe sections that don't perform proper pointer validation.malicious or malformed input can contain a section header offset of an arbitrary size, meaning that the resultant pointer in the unsafe block can point to an artibrary address in the address space of the process. This can result in unpredictable behaviour, and in our fuzz testing, we discovered that it's trivial to cause SIGABRT (signal 6), or SEGV (signal 11).

Language: RUST

Severity Score

7.5

Related Resources (6)

Url: https://github.com/vincenthouyi/elf_rs

Url: https://github.com/vincenthouyi/elf_rs/commit/3ec9935954bff0525b54b1ca4cbafbd6687f99a4

Url: https://rustsec.org/advisories/RUSTSEC-2022-0079.html

Url: https://github.com/vincenthouyi/elf_rs/issues/11

Url: https://crates.io/crates/elf_rs

Url: https://www.mend.io/vulnerability-database/WS-2023-0012

Severity Score

7.5

Weakness Type (CWE)

Use of Out-of-range Pointer Offset

CWE-823

Top Fix

Upgrade Version

Upgrade to version elf_rs - 0.3.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2023-0012

Good to know:

Date: November 3, 2024

Language: RUST

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?