CVE-2021-46102

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-46102
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46102.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-46102
Aliases
Withdrawn
2024-05-15T05:32:40.737520Z
Published
2022-01-27T18:15:07Z
Modified
2023-11-29T09:07:14.617115Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in the file src/elf.rs has an integer overflow bug because the sym.stvalue is read directly from ELF file without checking. If the sym.stvalue is rather large, an integer overflow is triggered while calculating the variable "addr" via "addr = (sym.stvalue + refdpa) as u64";

References

Affected packages

Git / github.com/solana-labs/rbpf

Affected ranges

Type
GIT
Repo
https://github.com/solana-labs/rbpf
Events

Affected versions

v0.*

v0.2.14
v0.2.15
v0.2.16