Vulnerability in BinDiff 7 allows for arbitrary code execution

Vulnerability in BinDiff 7 allows for arbitrary code execution

CVE-2021-22545 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An attacker can craft a specific IdaPro *.i64 file that will cause the BinDiff plugin to load an invalid memory offset. This can allow the attacker to control the instruction pointer and execute arbitrary code. It is recommended to upgrade BinDiff 7

Learn more about our Cis Benchmark Audit For Bind.