Closed Alan-Jowett closed 6 months ago
Here is one example: https://github.com/serge1/ELFIO/blob/9814eaaa7623e05b1e2dd11794eb6404afac9040/elfio/elfio_relocation.hpp#L341C1-L359C1
Code assumes relocation_section->get_entry_size() > sizeof(T), which can be wrong in the case of a malicious ELF file.
See: https://github.com/microsoft/ebpf-for-windows/issues/3114 for how this was caught.
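The kind of check the issue asks for, as an added example that is not ELFIO's code and not part of the original report: a reader that copies a relocation entry only after confirming that the file-declared entry size and the section length cover `sizeof(T)` bytes. `Rela64`, `read_entry` and `make_section` are hypothetical names, and the section bytes are constructed sample data.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical stand-in for a 64-bit relocation-with-addend record (24 bytes).
struct Rela64 {
    std::uint64_t r_offset;
    std::uint64_t r_info;
    std::int64_t  r_addend;
};

// Copies entry `index` from a section's raw bytes into `out`. Both the entry
// size and the section length come from the file, so neither is trusted.
template <class T>
bool read_entry(const std::vector<unsigned char>& data,
                std::size_t entry_size, std::size_t index, T& out) {
    if (entry_size < sizeof(T)) return false;   // declared entry cannot hold a T
    // Only whole entries count; this also rules out overflow in the
    // index * entry_size multiplication below.
    if (index >= data.size() / entry_size) return false;
    std::memcpy(&out, data.data() + index * entry_size, sizeof(T));
    return true;
}

// Constructed sample: a section holding two well-formed 24-byte entries.
std::vector<unsigned char> make_section() {
    Rela64 e[2] = {{0x1000, 0x0000000100000002ULL, 8},
                   {0x2000, 0x0000000300000001ULL, -4}};
    std::vector<unsigned char> d(sizeof(e));
    std::memcpy(d.data(), e, sizeof(e));
    return d;
}

int main() {
    std::vector<unsigned char> sec = make_section();
    Rela64 r;
    bool ok        = read_entry(sec, sizeof(Rela64), 1, r); // well-formed
    bool small     = read_entry(sec, 8, 0, r);  // header claims 8-byte entries
    bool past_end  = read_entry(sec, sizeof(Rela64), 2, r); // index out of range
    sec.resize(30);                             // section truncated mid-entry
    bool truncated = read_entry(sec, sizeof(Rela64), 1, r);
    return (ok && !small && !past_end && !truncated) ? 0 : 1;
}
```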