Home > Vulnerability Database > CVE-2021-3674

Mend.io Vulnerability Database

CVE-2021-3674

Good to know:

Date: March 24, 2023

A flaw was found in rizin. The create_section_from_phdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads, which can lead to memory corruption and possibly code execution through the binary object's callback function.

Language: C

Severity Score

7.8

Related Resources (4)

Url: https://gist.github.com/netspooky/61101e191afee95feda7dbd2f6b061c4

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-3674

Url: https://github.com/rizinorg/rizin/pull/1313

Url: https://www.mend.io/vulnerability-database/CVE-2021-3674

Severity Score

7.8

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

Top Fix

Upgrade Version

Upgrade to version v0.3.0

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2021-3674

Good to know:

Date: March 24, 2023

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?