PT-2021-15134 · Hex Rays · Ida Pro

Mickey Jin · Published 2021-06-29 · Updated 2021-08-16 · CVE-2021-22545

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

BinDiff versions prior to 7

Description

An attacker can craft a specific IDA Pro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset, allowing the attacker to control the instruction pointer and execute arbitrary code.

Recommendations

For versions prior to 7, upgrade to version 7 to resolve the issue. As a temporary workaround, consider restricting the use of the BinDiff plugin with IDA Pro *.i64 files until the upgrade is applied.

Fix

Use After Free


Weakness Enumeration

Related Identifiers

CVE-2021-22545

Affected Products

Ida Pro