CVE-2021-3674

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-3674

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3674.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-3674

Published

2023-03-24T20:15:08Z

Modified

2025-02-25T19:45:58.004270Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in rizin. The createsectionfrom_phdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads, which can lead to memory corruption and possibly code execution through the binary object's callback function.

References

Affected packages

Git / github.com/rizinorg/rizin

Affected ranges

Type: GIT
Repo: https://github.com/rizinorg/rizin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

91d3bb43fd92fc04e8def76beb22c2d84ae53fb5

Affected versions

0.*

0.1.0

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.2.0

v0.2.1