CVE Published: 29/06/2021 |
CVE Updated: 16/09/2024 |
CVE Year: 2021 Source: Google |
Vendor: Google LLC |
Product: Bindiff Status : PUBLISHED
CVE-2021-22545 Description
An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbitrary code. It is recommended to upgrade BinDiff 7
Metrics
CVSS Version: 3.1 |
Base Score: 7.5 HIGH Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
l➤ Exploitability Metrics: Attack Vector (AV)* LOCAL Attack Complexity (AC)* HIGH Privileges Required (PR)* LOW User Interaction (UI)* REQUIRED Scope (S)* CHANGED
l➤ Impact Metrics: Confidentiality Impact (C)* HIGH Integrity Impact (I)* HIGH Availability Impact (A)* HIGH
Weakness Enumeration (CWE)
CWE-ID: CWE-416 CWE Name: CWE-416 Use After Free Source: Google LLC
Common Attack Pattern Enumeration and Classification (CAPEC)