GHSA-xwqr-xmgg-j69q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xwqr-xmgg-j69q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-xwqr-xmgg-j69q/GHSA-xwqr-xmgg-j69q.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-xwqr-xmgg-j69q
- Aliases
- Published
- 2022-01-28T22:59:28Z
- Modified
- 2023-11-08T04:07:25.094752Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Integer overflow in solana_rbpf
- Details
-
From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in the file src/elf.rs has an integer overflow bug because the sym.stvalue is read directly from ELF file without checking. If the sym.stvalue is rather large, an integer overflow is triggered while calculating the variable "addr" via
addr = (sym.st_value + refd_pa) as u64 - Database specific
{ "nvd_published_at": "2022-01-27T18:15:00Z", "github_reviewed_at": "2022-01-28T19:06:48Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-190" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-46102
- https://github.com/solana-labs/rbpf/pull/200
- https://github.com/solana-labs/rbpf/pull/236
- https://blocksecteam.medium.com/new-integer-overflow-bug-discovered-in-solana-rbpf-7729717159ee
- https://github.com/solana-labs/rbpf
- https://github.com/solana-labs/rbpf/blob/c14764850f0b83b58aa013248eaf6d65836c1218/src/elf.rs#L609-L630
- https://github.com/solana-labs/rbpf/releases/tag/v0.2.17
Affected packages
crates.io / solana_rbpf
Package
- Name
- solana_rbpf
- View open source insights on deps.dev
- Purl
- pkg:cargo/solana_rbpf