solana_rbpf

crates.io3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting solana_rbpfpage 1 of 1

CVE-2021-46102HIGHCVSS 7.5EG 7.5✓ Fixed in 0.2.17
2022-01-27
From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in the file src/elf.rs has an integer overflow bug because the sym.st_value is read directly from ELF file without checking. If the sym.st_value is rather large, an integer…
CVE-2022-23066CRITICALCVSS 9.1EG 9.1✓ Fixed in 0.2.28
2022-05-09
In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For exampl…
CVE-2022-31264HIGHCVSS 7.5EG 7.5✓ Fixed in 0.2.29
2022-05-21
Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program.

Check whether solana_rbpf is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for solana_rbpf CVEs against the assets you own.

Start Free Scan →