제출 #814457: fraillt bitsery 5.2.4 CWE-1287, CWE-843 (Type Confusion)정보

제목fraillt bitsery 5.2.4 CWE-1287, CWE-843 (Type Confusion)
설명An issue was discovered in Bitsery v5.2.4 and below. Insecure deserialization of pointers under certain conditions may lead to type confusion, resulting in potential information disclosure, control flow hijacking, and arbitrary code execution. --- Recommended CVSS: - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N - Justification: - AV:N - In the worst case, the library parses untrusted data sent over the network. - AC:L - Binary exploitation techniques are well-known. Security-enhancing conditions such as ASLR and PIE could be bypassed. - AT:P - CVSS guidelines do not provide examples and context assessing this for software frameworks. I have decided to give this Present instead of None, because the affected library is used in vastly different manners. Not all applications using the library are vulnerable, because it is dependent on the prerequisite of deserialising untrusted input under specific conditions. - PR:N - In a reasonable worst case, no privileges are required to exploit. - UI:N - In a reasonable worst case, no user interaction is necessary to exploit. - VC:H - Potential impact encapsulates RCE - VI:H - Potential impact encapsulates RCE - VA:H - Potential impact encapsulates RCE - SC:N - No scope change - SI:N - No scope change - SA:N - No scope change --- Note to moderator: The maintainer was notified on Aug. 30, 2025 and promptly responded. The vulnerability was fixed in Bitsery v5.2.5. CVD: https://gist.github.com/TrebledJ/750abc64a826f19dd2d6774724629b71 Changelog: https://github.com/fraillt/bitsery/blob/master/CHANGELOG.md#525-2025-10-09 Vendor: https://github.com/fraillt Product: https://github.com/fraillt/bitsery
원천⚠️ https://gist.github.com/TrebledJ/750abc64a826f19dd2d6774724629b71
사용자
 trebledj (UID 94356)
제출2026. 04. 27. PM 10:22 (1 월 ago)
모더레이션2026. 05. 25. PM 09:17 (28 days later)
상태수락
VulDB 항목365541 [fraillt bitsery 까지 5.2.4 std_smart_ptr.h loadFromSharedState 원격 코드 실행]
포인트들20

이전개요다음

Want to know what is going to be exploited?

We predict KEV entries!