Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Out-of-bounds Read lead to application crashes or information leakage in ELF parsing.
Vulnerability Description
elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. When analyzing the ELF file format in versions prior to 1.1, there is an out-of-bounds read bug, which can lead to application crashes or information leakage. By constructing a special format ELF file, the information of any address can be leaked. elfspirit version 1.1 contains a patch for this issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Vulnerability Type
跨界内存读
Vulnerability Title
Elfspirit 缓冲区错误漏洞
Vulnerability Description
Elfspirit是中国的一个 Elf 静态分析和注入框架。用于解析、操作和伪装 Elf 文件。 elfspirit 存在安全漏洞,该漏洞源于读取越界错误,攻击者可导致应用程序崩溃或信息泄漏。
CVSS Information
N/A
Vulnerability Type
N/A