LOW 3.9 PyPI
LIEF obtain sensitive information via the name parameter
GHSA-377p-g8gr-5wpg · CVE-2024-31636 · PYSEC-2024-280
Published · Modified
Description
An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-31636
- WEB https://github.com/lief-project/LIEF/issues/1038
- WEB https://github.com/lief-project/LIEF/commit/307e113f8e00b034f0a5f1baa33e54d636c52ea3
- PACKAGE https://github.com/lief-project/LIEF
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/lief/PYSEC-2024-280.yaml
- WEB http://lief.com
Ready to move
Start Securing
Free, no credit card | First findings in minutes