CVE-2021-22545— Use-after-free in BinDiff
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-22545
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use-after-free in BinDiff
Source: NVD (National Vulnerability Database)
Vulnerability Description
An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbitrary code. It is recommended to upgrade BinDiff 7
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放后使用
Source: NVD (National Vulnerability Database)
Vulnerability Title
BinDiff 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
BinDiff是一款二进制文件分析和对比的工具。 BinDiff 存在安全漏洞,攻击者可利用该漏洞创建一个特定的IdaPro *.i64文件将导致BinDiff插件加载一个无效的内存偏移量。该漏洞允许攻击者控制指令指针并执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Google LLC | Bindiff | unspecified ~ 7.0 | - |
II. Public POCs for CVE-2021-22545
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-22545
请登录查看更多情报信息。
- https://www.zynamics.com/bindiff/manual/index.html#nyyyy7x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-22545
IV. Related Vulnerabilities
Same vendor: Google LLC
- CVE-2022-3095
Incorrect parsing of the backslash characters in Dart librar - CVE-2022-3474
Bazel leaks user credentials through the remote assets API - CVE-2022-3421
Privilege escalation in Google Drive for Desktop on MacOS - CVE-2022-3171
Memory handling vulnerability in ProtocolBuffers Java core a - CVE-2022-1941
Out of Memory issue in ProtocolBuffers for cpp and python
V. Comments for CVE-2021-22545
No comments yet