CVE-2024-44083

HIGH

Hex-rays Ida Pro < 8.4 - Resource Allocation Without Limits

Title source: rule

Description

ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue.

Exploits (3)

nomisec WRITEUP 1 stars

by dynamicx64 · poc

https://github.com/dynamicx64/CVE-2024-44083

View Code ZIP pw:eip

nomisec WORKING POC

by CrackerCat · poc

https://github.com/CrackerCat/CVE-2024-44083

View Code ZIP pw:eip

inthewild

poc

https://github.com/azvanzed/cve-2024-44083

View on inthewild

References (2)

[Various Sources] https://github.com/Azvanzed/CVE-2024-44083/

[Exploit, Third Party Advisory] https://github.com/Azvanzed/IdaMeme

Scores

CVSS v3 7.5

EPSS 0.1171

EPSS Percentile 93.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-770

Status published

Products (1)

hex-rays/ida_pro < 8.4

Published Aug 19, 2024

Tracked Since Feb 18, 2026