CVE-2021-32297: LIEF heap-buffer-overflow

CVSS Score (v3.1): 8.8

Basic Information

EPSS Score: 0.6708%
Published: 5/24/2022
Updated: 9/30/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| lief | pip | < 0.11.0 | 0.11.0 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from two key issues: 1) In Section.cpp, init_c_sections allocated content without checking section size, potentially returning NULL for zero-length sections. 2) In pe_reader.c, main accessed content[0..3] without validating the content pointer. The commit added size checks in Section.cpp and NULL checks in pe_reader.c, directly addressing these flaws. Both functions are explicitly modified in the patch and linked to the reported heap-buffer-overflow.
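
The missing-check pattern described above, reduced to a stand-alone C sketch. This is an added example, not LIEF's code or the actual patch; `demo_section_t`, `demo_section_init` and `demo_section_head` are hypothetical names and the byte arrays are constructed. The producer leaves `content` NULL for an empty section, and the consumer validates the pointer and length before reading the leading four bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parsed section; content is NULL when empty. */
typedef struct {
    const char *name;
    uint8_t    *content;
    size_t      size;
} demo_section_t;

/* Producer: allocate and copy only when there is data. 0 = ok, -1 = OOM. */
int demo_section_init(demo_section_t *s, const char *name,
                      const uint8_t *raw, size_t raw_len) {
    *s = (demo_section_t){ .name = name };   /* content = NULL, size = 0 */
    if (raw == NULL || raw_len == 0) return 0;   /* empty: nothing to read */
    s->content = malloc(raw_len);
    if (s->content == NULL) return -1;
    memcpy(s->content, raw, raw_len);
    s->size = raw_len;
    return 0;
}

/* Consumer: the unchecked form is content[0]..content[3] with no test.
 * Here at most min(size, want) bytes are copied; returns that count. */
size_t demo_section_head(const demo_section_t *s, uint8_t *out, size_t want) {
    if (s == NULL || out == NULL || s->content == NULL)
        return 0;
    size_t n = s->size < want ? s->size : want;
    memcpy(out, s->content, n);
    return n;
}

int main(void) {
    static const uint8_t text[] = {0x55, 0x48, 0x89, 0xe5, 0xc3}; /* constructed */
    static const uint8_t tiny[] = {0x90, 0x90};                   /* constructed */
    demo_section_t secs[3];
    demo_section_init(&secs[0], ".text", text, sizeof text);
    demo_section_init(&secs[1], ".bss", NULL, 0);   /* zero-length section */
    demo_section_init(&secs[2], ".tiny", tiny, sizeof tiny);
    for (int i = 0; i < 3; i++) {
        uint8_t head[4];
        size_t n = demo_section_head(&secs[i], head, sizeof head);
        printf("%-6s size=%zu readable=%zu\n", secs[i].name, secs[i].size, n);
        free(secs[i].content);
    }
    return 0;
}
```

Building the unchecked variant with `-fsanitize=address` is a quick way to confirm that the zero-length and two-byte cases are the ones that fault.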

WAF Protection Rules

WAF Rule

An issue was discovered in LIEF prior to version *.**.*. A heap-buffer-overflow exists in the function main located in `pe_reader.c`. It allows an attacker to cause code execution.
