GHSA-xwqr-xmgg-j69q

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-xwqr-xmgg-j69q/GHSA-xwqr-xmgg-j69q.json
Aliases
  • CVE-2021-46102
Published
2022-01-28T22:59:28Z
Modified
2023-04-26T22:14:09Z
Details

From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in the file src/elf.rs has an integer overflow bug because the sym.stvalue is read directly from ELF file without checking. If the sym.stvalue is rather large, an integer overflow is triggered while calculating the variable "addr" via addr = (sym.st_value + refd_pa) as u64

References

Affected packages

crates.io / solana_rbpf

solana_rbpf

Affected ranges

Type
SEMVER
Events
Introduced
0.2.14
Fixed
0.2.17

Affected versions