CVE-2021-32297: LIEF heap-buffer-overflow
CVSS Score: 8.8 (CVSS 3.1)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.6708%
CWE
Published: 5/24/2022
Updated: 9/30/2024
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
lief | pip | < 0.11.0 | 0.11.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from two key issues:

1. In `Section.cpp`, `init_c_sections` allocated `content` without checking the section size, which could yield NULL for zero-length sections.
2. In `pe_reader.c`, `main` accessed `content[0..3]` without validating the `content` pointer.

The commit added size checks in `Section.cpp` and NULL checks in `pe_reader.c`, directly addressing these flaws. Both functions are explicitly modified in the patch and linked to the reported heap-buffer-overflow.
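The two checks described above, as an added example that is not LIEF's code or the actual patch: the allocation side records an empty section as NULL with size 0, and the reading side bounds its look at the leading bytes by both the pointer and the size. The names `section_t`, `section_init` and `section_preview` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a C-API section record; not LIEF's real struct. */
typedef struct {
    uint8_t *content;   /* NULL when the section holds no bytes */
    size_t   size;      /* number of valid bytes behind content */
} section_t;

/* Allocation side: check the size first, so an empty section is recorded
 * as NULL/0 instead of a zero-length heap block. Returns 0 on success. */
int section_init(section_t *s, const uint8_t *raw, size_t raw_size) {
    s->content = NULL;
    s->size = 0;
    if (raw == NULL || raw_size == 0) return 0;   /* empty section is valid */
    s->content = malloc(raw_size);
    if (s->content == NULL) return -1;            /* allocation failure */
    memcpy(s->content, raw, raw_size);
    s->size = raw_size;
    return 0;
}

/* Reader side: hex-format at most `want` leading bytes into `out`.
 * Both the pointer and the size are validated before any byte is read.
 * Returns the number of bytes formatted. */
size_t section_preview(const section_t *s, size_t want, char *out, size_t out_len) {
    size_t n = 0;
    if (out == NULL || out_len == 0) return 0;
    out[0] = '\0';
    if (s == NULL || s->content == NULL) return 0;
    if (want > s->size) want = s->size;           /* never read past size */
    /* each byte needs 3 characters plus the terminating NUL */
    for (; n < want && 3 * (n + 1) < out_len; n++)
        snprintf(out + 3 * n, out_len - 3 * n, "%02x ", s->content[n]);
    return n;
}

int main(void) {
    const uint8_t raw[] = {0x4d, 0x5a};           /* constructed sample bytes */
    section_t empty, tiny;
    char buf[32];
    section_init(&empty, NULL, 0);
    section_init(&tiny, raw, sizeof raw);
    printf("empty: %zu bytes\n", section_preview(&empty, 4, buf, sizeof buf));
    printf("tiny:  %zu bytes [%s]\n", section_preview(&tiny, 4, buf, sizeof buf), buf);
    free(tiny.content);
    return 0;
}
```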