CVE-2021-44078

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-44078
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44078.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-44078
Aliases
Published
2021-12-26T05:15:07Z
Modified
2024-05-23T01:23:19.644184Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in splitregion in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw exists within the virtual memory manager. The issue results from the faulty comparison of GVA and GPA while calling ucmemmapptr to free part of a claimed memory block. An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code on the host machine.

References

Affected packages

Git / github.com/unicorn-engine/unicorn

Affected ranges

Type
GIT
Repo
https://github.com/unicorn-engine/unicorn
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.9

1.*

1.0
1.0-rc1
1.0-rc2
1.0-rc3
1.0.1
1.0.2
1.0.2-rc1
1.0.2-rc2
1.0.2-rc3
1.0.2-rc4
1.0.2-rc5
1.0.2-rc6
1.0.3

2.*

2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4