capstone
Fixed in
3.0.5rc2
CVE-2017-6952 describes a buffer overflow vulnerability in the Capstone disassembler, specifically in the cs_winkernel_malloc function. The flaw can cause a denial of service (DoS) condition, potentially affecting systems running vulnerable kernel drivers. It affects Capstone versions up to and including 3.0.4; a fix is available in version 3.0.5rc2.
The root cause is an integer overflow in cs_winkernel_malloc. An attacker who can supply a maliciously crafted, excessively large value as the function's size argument makes the computed allocation size wrap, so the request no longer matches the buffer space actually needed and a heap-based buffer overflow follows inside a kernel driver. Successful exploitation can crash the system, resulting in a denial of service. While the description mentions 'unspecified other impact', the kernel-driver context suggests potential for privilege escalation or arbitrary code execution, though this is not explicitly confirmed. The impact is particularly severe because Capstone is often used in security tools and embedded systems, potentially exposing critical infrastructure to attack.
CVE-2017-6952 was publicly disclosed on March 16, 2017. No active exploitation campaigns have been definitively linked to this CVE, but the potential for kernel-level impact makes it a concerning vulnerability. It is not currently listed in the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the nature of the vulnerability suggests that developing one is relatively straightforward.
Exploit status
EPSS
0.35% (57th percentile)
CVSS vector
The primary mitigation for CVE-2017-6952 is to upgrade to Capstone version 3.0.5rc2 or later, which includes the fix for the integer overflow. If an immediate upgrade is not feasible because of compatibility concerns or downtime requirements, consider adding runtime checks that validate the size of the allocation request before cs_winkernel_malloc is called. A WAF or proxy cannot directly mitigate this vulnerability, but careful input validation in applications that use Capstone can keep malicious values from reaching the disassembly framework. No specific Sigma or YARA rules are readily available for this vulnerability; monitoring for unusual memory allocation patterns in the process that hosts Capstone can serve as a detection strategy.
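The integer overflow described above, and the size check recommended as a mitigation, shown side by side in a user-mode model. This is an added example, not Capstone's code: it assumes a hypothetical allocator that prepends a small bookkeeping header to each block and computes `size + sizeof(header)`, the kind of addition that wraps when `size` is near `SIZE_MAX`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical bookkeeping header stored in front of every allocation so the
 * allocator can later recover the caller's size. The layout is an assumption
 * for this example, not Capstone's own code. */
typedef struct { size_t size; } mem_header_t;

/* Total size an allocator computes when it adds the header WITHOUT checking.
 * Returns the (possibly wrapped) value so the defect can be observed without
 * ever allocating from it. */
size_t unchecked_request_size(size_t size)
{
    return size + sizeof(mem_header_t);   /* wraps when size is near SIZE_MAX */
}

/* Hardened variant: reject the request when the addition would overflow, so
 * the caller gets NULL instead of a block far smaller than it asked for. */
void *checked_malloc(size_t size)
{
    mem_header_t *hdr;

    /* a + b overflows size_t exactly when a > SIZE_MAX - b */
    if (size == 0 || size > SIZE_MAX - sizeof(mem_header_t))
        return NULL;
    hdr = malloc(size + sizeof(mem_header_t));
    if (hdr == NULL)
        return NULL;
    hdr->size = size;
    return hdr + 1;                        /* user data starts after the header */
}

/* Allocate n bytes through the checked path, confirm the recorded size, touch
 * every byte, and release the block. Returns 1 on success, 0 when the request
 * was refused (e.g. because it would have overflowed). */
int roundtrip(size_t n)
{
    unsigned char *p = checked_malloc(n);
    if (p == NULL)
        return 0;
    /* the header sits immediately in front of the returned pointer */
    int ok = ((mem_header_t *)p - 1)->size == n;
    memset(p, 0xAA, n);                    /* all n bytes are really backed */
    free((mem_header_t *)p - 1);
    return ok;
}
```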
No official patch available. Check for workarounds or monitor for updates.
CVE-2017-6952 is a HIGH severity buffer overflow vulnerability in Capstone disassembler versions 3.0.4 and earlier. An integer overflow in the cs_winkernel_malloc function can lead to a denial of service when a large value is processed.
You are affected if you are using Capstone disassembler version 3.0.4 or earlier. Check your version using capstone --version and upgrade if necessary.
Upgrade to Capstone version 3.0.5rc2 or later to resolve the vulnerability. If upgrading immediately isn't possible, implement input validation on the values passed to cs_winkernel_malloc.
There is currently no evidence of CVE-2017-6952 being actively exploited in the wild, and public PoC code is limited.
Refer to the Capstone project's security advisories and the NVD entry for CVE-2017-6952 for official information: https://nvd.nist.gov/vuln/detail/CVE-2017-6952