Description
elfspirit is an ELF static analysis and injection framework that parses, manipulates, and camouflages ELF files. Versions prior to 1.1 contain an out-of-bounds read bug in the code that parses the ELF file format, which can lead to application crashes or information leakage. A specially crafted ELF file can be used to leak the information at any address. elfspirit version 1.1 contains a patch for this issue.
References (3)
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/liyansong2018/elfspirit/security/advisories/GHSA-jr8h-2657-m68r
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/liyansong2018/elfspirit/issues/1
Patch, Third Party Advisory x_refsource_misc
https://github.com/liyansong2018/elfspirit/commit/c5b0f5a9a24f2451bbeda4751d67633bc375e608
Scores
CVSS v3: 7.1
EPSS: 0.0036
EPSS Percentile: 58.3%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-125
Status: published
Products (1)
elfspirit_project/elfspirit < 1.1.0
Published: Jan 24, 2022
Tracked Since: Feb 18, 2026