PT-2022-26788 · Lief · Lief

Bladchan · Published 2022-11-17 · Updated 2025-04-29 · CVE-2022-43171

CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

LIEF versions prior to 0.12.3

Description

A heap buffer overflow in the parse_dyldinfo_generic_bind function of LIEF's BinaryParser allows attackers to cause a Denial of Service (DoS) via a crafted MachO file.

Recommendations

For versions prior to 0.12.3, update to version 0.12.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the parse_dyldinfo_generic_bind function until a patch is available. Avoid processing untrusted or crafted MachO files with the affected LIEF versions.

Exploit · Fix · DoS · Memory Corruption · Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2022-43171
GHSA-JVP9-PHWP-P738
PYSEC-2022-43140

Affected Products

Lief