VYPR
Moderate severity · NVD Advisory · Published Sep 13, 2022 · Updated Aug 3, 2024

CVE-2022-38306

Description

LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2022-38306 is a heap-buffer-overflow in LIEF's ELF parser, in CorePrPsInfo parsing, triggered by a crafted ELF file.

CVE-2022-38306 describes a heap-buffer-overflow vulnerability in the LIEF library, specifically in the ELF parsing component CorePrPsInfo.tcc. The issue was discovered in commit 5d1d643 [1]. The root cause is a READ operation of size 109 via strlen which overflows a heap buffer when parsing a malformed ELF core dump note (CorePrPsInfo) [1].

The vulnerability can be exploited by providing a specially crafted ELF file to LIEF's elf_reader example tool. An attacker does not need authentication; the attack vector is local or remote file parsing. In the provided crash report, the exploit is triggered by running the elf_reader binary with a proof-of-concept file (poc.zip) [1]. The overflow occurs during the parse_() template instantiation, leading to a heap-buffer-overflow read [1].

Successful exploitation could cause a denial of service (application crash) or potentially allow further memory corruption depending on the heap layout and attacker control over the overflow data. The impact is bounded to the LIEF library's context; it does not directly affect the kernel or other applications. No code execution is confirmed in the references. The LIEF project addressed the issue in commit 53bf680, which fixes the overflow by adding proper bounds checking [2]. Users are advised to update LIEF to a version that includes this fix or apply the patch manually.
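The bug class described above (strlen over a fixed-width note field that carries no NUL terminator) next to a bounded read, as an added example that is not LIEF's code or its actual patch. The function names, the choice of a 16-byte name field, and the offset 40 in the sample are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Width of pr_fname in the Linux elf_prpsinfo layout (assumed field for this example).
constexpr std::size_t kFnameSize = 16;

// Unsafe pattern, shown for contrast and never called: strlen() scans until it
// meets a NUL, so an unterminated field makes it read past the heap buffer.
inline std::string read_field_unsafe(const std::vector<uint8_t>& desc, std::size_t off) {
  const char* p = reinterpret_cast<const char*>(desc.data()) + off;
  return std::string(p, std::strlen(p));
}

// Bounded form: the whole field must lie inside the note description, and the
// terminator search stops at the field width.
bool read_field_checked(const std::vector<uint8_t>& desc, std::size_t off,
                        std::size_t width, std::string& out) {
  if (off > desc.size() || width > desc.size() - off) {
    return false;  // truncated note: reject it instead of reading on
  }
  const uint8_t* first = desc.data() + off;
  const uint8_t* nul = std::find(first, first + width, uint8_t{0});
  out.assign(reinterpret_cast<const char*>(first), static_cast<std::size_t>(nul - first));
  return true;
}

// Constructed sample input: `total` bytes of 'A' with no NUL anywhere.
std::vector<uint8_t> sample_desc(std::size_t total) {
  return std::vector<uint8_t>(total, static_cast<uint8_t>('A'));
}

int main() {
  std::string name;
  // Offset 40 is a constructed value for this sample, not taken from the page.
  bool ok = read_field_checked(sample_desc(56), 40, kFnameSize, name);
  std::printf("full note: ok=%d len=%zu\n", ok, name.size());
  ok = read_field_checked(sample_desc(48), 40, kFnameSize, name);
  std::printf("truncated note: ok=%d\n", ok);
  return 0;
}
```

Building a parser like this with AddressSanitizer and feeding it unterminated and truncated notes is how a heap-buffer-overflow read of this kind is typically surfaced before release.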

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| lief (PyPI) | <= 0.12.1 | |
