Integer Overflow Vulnerability in Solana rBPF's relocate Function

Integer Overflow Vulnerability in Solana rBPF's relocate Function

CVE-2021-46102 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in the file src/elf.rs has an integer overflow bug because the sym.st_value is read directly from ELF file without checking. If the sym.st_value is rather large, an integer overflow is triggered while calculating the variable "addr" via "addr = (sym.st_value + refd_pa) as u64";

Learn more about our Web Application Penetration Testing UK.