CVE-2021-45761
Description
ROPium v3.1 was discovered to contain an invalid memory address dereference via the find() function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ROPium v3.1's find() function dereferences an invalid memory address when no binary is loaded, causing a segmentation fault and denial of service.
Vulnerability
ROPium v3.1 contains an invalid memory address dereference in the find() function. When find() is called without a previously loaded binary, the function attempts to access memory at an uninitialized pointer, leading to a segmentation fault. The issue is reproducible by launching ROPium and issuing the find command without first loading a valid binary file. [1]
Exploitation
An attacker with local access to ROPium can trigger the vulnerability by simply running the tool and executing the find command without loading a binary. Alternatively, loading a non-existent file (e.g., load -a X64 aidai) and then calling find also results in a crash. No special privileges or user interaction beyond starting the application are required. The provided proof-of-concept demonstrates the segmentation fault and the invalid memory access at mov ecx, dword ptr [rsi] where rsi is zero. [1]
Impact
Successful exploitation causes a segmentation fault and immediate termination of ROPium, resulting in a denial of service. There is no indication of arbitrary code execution or information disclosure; the impact is limited to application crash. [1]
Mitigation
As of the reference publication (January 2022), no patch has been released for this vulnerability. Users should avoid using the find command without first loading a valid binary. Upgrading to a future version of ROPium that addresses the issue is recommended once available. [1]
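The missing state check described in the sections above, as an added example (not ROPium's code and not taken from the referenced issue): a hypothetical session model in C in which find returns an error until a load has succeeded, and a failed load resets the session. The types, function names, error codes and the count of ret bytes standing in for a gadget index are assumptions made for illustration.

```c
/* Added illustration: hypothetical session model, not ROPium source code. */
#include <stdio.h>
#include <stdlib.h>

typedef struct { unsigned int ret_count; } gadget_db; /* stand-in for a gadget index */
typedef struct { gadget_db *db; } session;            /* db == NULL: no binary loaded */
enum { CMD_OK = 0, ERR_LOAD_FAILED = -1, ERR_NO_BINARY = -2 };

/* load: index the file (here: count 0xC3 `ret` bytes as a toy index). */
int session_load(session *s, const char *path)
{
    free(s->db);              /* drop the old index first, so a failed */
    s->db = NULL;             /* load never leaves stale or partial state */
    FILE *f = fopen(path, "rb");
    if (f == NULL) return ERR_LOAD_FAILED;   /* the non-existent file case */
    gadget_db *db = calloc(1, sizeof *db);
    if (db == NULL) { fclose(f); return ERR_LOAD_FAILED; }
    for (int c; (c = fgetc(f)) != EOF; )
        if (c == 0xC3) db->ret_count++;
    fclose(f);
    s->db = db;
    return CMD_OK;
}

/* find: return an error instead of dereferencing a missing index. */
int session_find(const session *s, unsigned int *out)
{
    if (s == NULL || s->db == NULL || out == NULL)
        return ERR_NO_BINARY;
    *out = s->db->ret_count;
    return CMD_OK;
}

/* Writes a constructed 4-byte sample: pop rdi; ret; nop; ret. */
int write_sample(const char *path)
{
    static const unsigned char bytes[] = { 0x5F, 0xC3, 0x90, 0xC3 };
    FILE *f = fopen(path, "wb");
    if (f == NULL) return -1;
    size_t n = fwrite(bytes, 1, sizeof bytes, f);
    return (fclose(f) == 0 && n == sizeof bytes) ? 0 : -1;
}

int main(void)
{
    session s = { NULL };
    unsigned int n = 0;
    return session_find(&s, &n) == ERR_NO_BINARY ? 0 : 1; /* clean error, no crash */
}
```

Both conditions described above, find with nothing loaded and find after a failed load, end in ERR_NO_BINARY here rather than in a read through a null pointer.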
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- ROPium/ROPium
- Range: = v3.1
Patches
No patches discovered yet.
References
[1] github.com/Boyan-MILANOV/ropium/issues/32 (mitre, x_refsource_MISC)