Lucene search

GoogleCVELIST:CVE-2021-22545

HistoryJun 29, 2021 - 11:55 a.m.

CVE-2021-22545 Use-after-free in BinDiff

2021-06-2911:55:11

CWE-416

Google

www.cve.org

cve-2021-22545

idapro

bindiff

memory offset

instruction pointer

arbitrary code

upgrade.

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbitrary code. It is recommended to upgrade BinDiff 7

CNA Affected

[
  {
    "product": "Bindiff",
    "vendor": "Google LLC",
    "versions": [
      {
        "lessThan": "7.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.zynamics.com/bindiff/manual/index.html#nyyyy7

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2021-22545