Security Advisory

CVE-2021-46102

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-01-27 17:44:59

Last updated 2024-08-04 05:02:10

Assigner mitre

State PUBLISHED

Description

From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in the file src/elf.rs has an integer overflow bug because the sym.st_value is read directly from ELF file without checking. If the sym.st_value is rather large, an integer overflow is triggered while calculating the variable "addr" via "addr = (sym.st_value + refd_pa) as u64";

← Browse all CVEs View on cve.org ↗