Headline
CVE-2023-30226: ELF: added vn_next break condition (#3214) · rizinorg/rizin@a6d89de
An issue was discovered in the function get_gnu_verneed in rizinorg Rizin prior to 0.5.0: verneed_entry allows attackers to cause a denial of service via a crafted ELF file.
Commit
ELF: added vn_next break condition (#3214)
If the dynamic section’s verneednum mismatches the true number of entries, then the for loop in get_gnu_verneed will continue to iterate on the last entry, since vn_next will be 0 on the last entry. If verneednum is set to all 0xff’s, it will take a very long time to finish this loop naturally, drastically hindering binary load time. The solution is simple: check for when vn_next == 0 and break out of the loop, since all entries have been iterated over regardless of what verneednum indicates.
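The loop behaviour described in the commit message, as an added example that is not Rizin's code: a simplified walker over a constructed two-record chain, run with and without the vn_next == 0 check. The names `walk_verneed`, `build_sample` and `stop_on_zero_next` are hypothetical, records are read in host byte order, and the bounds checks are an addition of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One Verneed record as laid out in the ELF version-needs section (16 bytes). */
typedef struct {
    uint16_t vn_version;
    uint16_t vn_cnt;
    uint32_t vn_file;
    uint32_t vn_aux;
    uint32_t vn_next;   /* byte offset to the next record, 0 on the last one */
} verneed_t;

/* Walks the chain and returns how many loop iterations ran.
 * stop_on_zero_next == 0 models the loop before the fix (hypothetical flag). */
static uint32_t walk_verneed(const uint8_t *sec, size_t size,
                             uint32_t verneednum, int stop_on_zero_next) {
    size_t off = 0;     /* invariant: off <= size */
    uint32_t iterations = 0;
    for (uint32_t i = 0; i < verneednum; i++) {
        verneed_t vn;
        if (size - off < sizeof vn) break;        /* record past section end */
        memcpy(&vn, sec + off, sizeof vn);
        iterations++;
        if (stop_on_zero_next && vn.vn_next == 0) break;  /* end of chain */
        if (vn.vn_next > size - off) break;       /* next offset out of bounds */
        off += vn.vn_next;  /* vn_next == 0 leaves off on the last record */
    }
    return iterations;
}

/* Constructed sample: two chained records, the second one ends the chain. */
static size_t build_sample(uint8_t *buf) {
    verneed_t a = {1, 0, 0, 0, sizeof(verneed_t)};
    verneed_t b = {1, 0, 0, 0, 0};
    memcpy(buf, &a, sizeof a);
    memcpy(buf + sizeof a, &b, sizeof b);
    return 2 * sizeof(verneed_t);
}

int main(void) {
    uint8_t sec[2 * sizeof(verneed_t)];
    size_t n = build_sample(sec);
    /* verneednum claims 1,000,000 entries; the section really holds 2. */
    printf("without check: %u\n", (unsigned)walk_verneed(sec, n, 1000000u, 0));
    printf("with check:    %u\n", (unsigned)walk_verneed(sec, n, 1000000u, 1));
    return 0;
}
```

With the claimed count at 0xffffffff instead of 1,000,000, the unchecked loop would re-read the last record roughly four billion times per file load.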