4 matches found
Integer overflow in solana_rbpf
From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in the file src/elf.rs has an integer overflow bug because the sym.stvalue is read directly from ELF file without checking. If the sym.stvalue is rather large, an integer overflow is triggered while calculating the variable "addr"...
CVE-2021-46102
From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in the file src/elf.rs has an integer overflow bug because the sym.stvalue is read directly from ELF file without checking. If the sym.stvalue is rather large, an integer overflow is triggered while calculating the variable "addr"...
CVE-2021-46102
From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in the file src/elf.rs has an integer overflow bug because the sym.stvalue is read directly from ELF file without checking. If the sym.stvalue is rather large, an integer overflow is triggered while calculating the variable "addr"...
PT-2022-12567 · Solana · Solana Rbpf
Name of the Vulnerable Software and Affected Versions: Solana rBPF versions 0.2.14 through 0.2.16 Description: The issue is related to an integer overflow bug in the function "relocate" in the file src/elf.rs. This bug occurs because the sym.st value is read directly from the ELF file without...