CVE-2024-31636: LIEF obtain sensitive information via the name parameter

May 3, 2024 (updated November 22, 2024)

An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.

References

github.com/advisories/GHSA-377p-g8gr-5wpg
github.com/lief-project/LIEF
github.com/lief-project/LIEF/commit/307e113f8e00b034f0a5f1baa33e54d636c52ea3
github.com/lief-project/LIEF/issues/1038
nvd.nist.gov/vuln/detail/CVE-2024-31636

Detect and mitigate CVE-2024-31636 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →