CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
74.7%
Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0
and older that use the string functions provided in zycore
in order to
append untrusted user data to the formatter buffer within their custom
formatter hooks can run into heap buffer overflows. Older versions of Zydis
failed to properly initialize the string object within the formatter
buffer, forgetting to initialize a few fields, leaving their value to
chance. This could then in turn cause zycore functions like
ZyanStringAppend
to make incorrect calculations for the new target size,
resulting in heap memory corruption. This does not affect the regular
uncustomized Zydis formatter, because Zydis internally doesn’t use the
string functions in zycore that act upon these fields. However, because the
zycore string functions are the intended way to work with the formatter
buffer for users of the library that wish to extend the formatter, we still
consider this to be a vulnerability in Zydis. This bug is patched starting
in version 3.2.1. As a workaround, users may refrain from using zycore
string functions in their formatter hooks until updating to a patched
version.
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
74.7%