| शीर्षक | Cilium cilium/ebpf v0.19.0-v0.21.0 Denial of Service |
|---|
| विवरण | github.com/cilium/ebpf v0.19.0 through v0.21.0 contains an improper BTF string offset validation flaw in shared string-table lookup logic. A malformed .BTF or .BTF.ext record can set a non-zero string offset equal to BTF StringLen, which is incorrectly treated as valid and causes a parser panic instead of returning an error. The issue is reachable through public parser APIs such as LoadCollectionSpec and LoadCollectionSpecFromReader, was validated across multiple independent .BTF and .BTF.ext fields, and can terminate a process parsing less-trusted eBPF ELF/BTF artifacts, resulting in denial of service. |
|---|
| स्रोत | ⚠️ https://gist.github.com/thesmartshadow/256bff0f8042c584f993ace89074a815 |
|---|
| उपयोगकर्ता | alifiras (UID 94093) |
|---|
| सबमिशन | 03/05/2026 01:11 AM (1 महीना पहले) |
|---|
| संयम | 03/06/2026 07:17 AM (1 month later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 368091 [cilium ebpf तक 0.21.0 LoadCollectionSpec/LoadCollectionSpecFromReader btf/btf.go loadRawSpec offset बफ़र ओवरफ़्लो] |
|---|
| अंक | 20 |
|---|