CVE-2021-3674

A flaw was found in rizin. The create_section_from_phdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads, which can lead to memory corruption and possibly code execution through the binary object's callback function.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/netspooky/61101e191afee95feda7dbd2f6b061c4	Exploit Third Party Advisory
https://github.com/rizinorg/rizin/pull/1313	Exploit Patch Vendor Advisory
https://gist.github.com/netspooky/61101e191afee95feda7dbd2f6b061c4	Exploit Third Party Advisory
https://github.com/rizinorg/rizin/pull/1313	Exploit Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:rizin:rizin:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-03-24 20:15

Updated : 2025-02-25 17:15

NVD link : CVE-2021-3674

Mitre link : CVE-2021-3674

CVE.ORG link : CVE-2021-3674

JSON object : View

Products Affected

rizin

rizin

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-125

Out-of-bounds Read

{"id": "CVE-2021-3674", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-03-24T20:15:08.097", "references": [{"url": "https://gist.github.com/netspooky/61101e191afee95feda7dbd2f6b061c4", "tags": ["Exploit", "Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://github.com/rizinorg/rizin/pull/1313", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://gist.github.com/netspooky/61101e191afee95feda7dbd2f6b061c4", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/rizinorg/rizin/pull/1313", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-119"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in rizin. The create_section_from_phdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads, which can lead to memory corruption and possibly code execution through the binary object's callback function."}], "lastModified": "2025-02-25T17:15:10.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rizin:rizin:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A208484C-BE16-4523-BC03-48684D2102B6", "versionEndIncluding": "0.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}