CVE-2023-1157

02.03.2023, 19:15

A vulnerability, which was classified as problematic, was found in finixbit elf-parser. Affected is the function elf_parser::Elf_parser::get_segments of the file elf_parser.cpp. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-222222 is the identifier assigned to this vulnerability.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	2.8 LOW	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
VulDB	CNA	2.8 LOW				CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Vendor	Product	Version
elf-parser_project	elf-parser	-

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-404 - Improper Resource Shutdown or Release
The program does not release or incorrectly releases a resource before it is made available for re-use.

References

https://github.com/10cksYiqiyinHangzhouTechnology/elf-parser_segments_poc

https://vuldb.com/?ctiid.222222

https://vuldb.com/?id.222222

https://github.com/10cksYiqiyinHangzhouTechnology/elf-parser_segments_poc

https://vuldb.com/?ctiid.222222

https://vuldb.com/?id.222222