CVE-2016-7151: Capstone SEGV caused by a read memory access
5.5
CVSS Score
3.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.39992%
CWE
Published
5/24/2022
Updated
11/21/2024
KEV Status
No
Technology
Python
Technical Details
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
capstone | pip | < 4.0.0 | 4.0.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
- The vulnerability description explicitly names X86_insn_reg_intel as the vulnerable function.
- The commit diff shows critical fixes to this function's bounds checking:
- Added range check before binary search (insn_regs_intel_sorted[0].insn > id || insn_regs_intel_sorted[last].insn < id)
- Fixed mid calculation placement in loop
- Made sorting flag static to function
- CWE-125 (Out-of-bounds Read) matches the SEGV-from-read behavior described
- Multiple references (NVD, GHSA, commit message) all point to this function as the vulnerability location
- The patch clearly addresses improper array bounds validation in the binary search algorithm