CVE-2021-31515

CVSS v3 base score: 7.8 HIGH

📋 TL;DR

CVE-2021-31515 is an out-of-bounds read in the BNDB file parser of Vector 35 Binary Ninja. Crafted data in a BNDB file triggers a read past the end of an allocated buffer, which an attacker can leverage for arbitrary code execution in the context of the Binary Ninja process. Exploitation requires user interaction: the target must open a malicious BNDB file, so anyone who opens analysis databases from untrusted sources is exposed.

💻 Affected Systems

Products:
  • Vector 35 Binary Ninja
Versions: Version 2.3.2660 (Build ID 88f343c3) and earlier
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable when parsing BNDB files; no special configuration required.

📦 What is this software?

Binary Ninja is a commercial reverse-engineering platform from Vector 35 for disassembling and decompiling binaries. A BNDB file is its analysis database, the saved state of a project that analysts routinely share and reopen, which is what makes a parser bug in that format a practical attack vector.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through arbitrary code execution with the privileges of the Binary Ninja process, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠

Likely Case

Malware installation or credential theft on the analyst's workstation, running with the privileges of the user who opened a malicious BNDB file from an untrusted source. The bug itself grants no additional privileges; an attacker would need a separate vulnerability to escalate beyond the current user.

🟢

If Mitigated

Limited impact if users only open trusted files and Binary Ninja runs as an unprivileged user in an isolated environment; the out-of-bounds read can still disclose process memory if a malicious file is opened.

🌐 Internet-Facing: LOW - Binary Ninja is not typically an internet-facing service; exploitation requires user interaction with malicious files.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but exploitation requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: No public evidence; a private proof of concept exists (reported via ZDI)
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious BNDB file) and knowledge of the BNDB file format. The bug was reported through ZDI, whose advisories are based on a researcher-submitted proof of concept, so a working trigger exists even though none has been published.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 2.4 and later (the fix is listed in the 2.4 release notes)

Vendor Advisory: https://binary.ninja/2021/06/03/2.4-release.html#security-advisories

Restart Required: Yes

Instructions:

1. Open Binary Ninja.
2. Go to Help → Check for Updates.
3. Install version 2.4 or later.
4. Restart Binary Ninja after installation.

🔧 Temporary Workarounds

Restrict BNDB file handling (all platforms)

Open BNDB files only with a patched version, or inside an isolated environment (virtual machine, container or sandbox) when the file comes from outside your team.

Run with reduced privileges (all platforms)

Run Binary Ninja as an unprivileged user so that code execution inside the process does not directly yield administrative access to the workstation.

🧯 If You Can't Patch

  • Only open BNDB files from trusted, verified sources
  • Use Binary Ninja in isolated virtual machines or containers when analyzing untrusted files

🔍 How to Verify

Check if Vulnerable:

Check the Binary Ninja version in Help → About. Version 2.3.2660 and earlier are vulnerable; 88f343c3 is the Build ID of the 2.3.2660 build the advisory tested, not an ordered value, so compare the version number rather than the build hash.

Check Version:

On all platforms: Help → About in the GUI. Where the Python API is available, binaryninja.core_version() returns the same version string and can be used for scripted checks across a fleet.

Verify Fix Applied:

Verify that Help → About shows version 2.4 or later. The absence of crashes when opening BNDB files is not evidence of the fix, since a well-formed file never triggers the bug; only the version number is.
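The version check above, as an added example for this page (not Vector 35 code), written so it can run either against the string copied from Help → About or against binaryninja.core_version() where the Python API is importable. It classifies the advisory's range (2.3.2660 and earlier affected, 2.4 and later fixed) and reports development builds in between as unknown rather than guessing. The function and constant names are the example's own.

```python
"""Decide whether an installed Binary Ninja is affected by CVE-2021-31515.

Added example for this page, not Vector 35 code. It classifies a version
string such as "2.3.2660" against the last build the advisory lists as
affected (2.3.2660) and the release that carries the fix (2.4). The
string can be copied from Help -> About, or read from
binaryninja.core_version() where the Python API is importable.
"""
import re
from typing import Optional, Tuple

LAST_AFFECTED = (2, 3, 2660)   # "Version 2.3.2660 (Build ID 88f343c3) and earlier"
FIXED_RELEASE = (2, 4, 0)      # fix shipped in the 2.4 release

# Binary Ninja versions are major.minor.build; suffixes such as "-dev" or an
# edition name may follow, so search for the triple instead of matching whole.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, build) from '2.3.2660' or '2.4.2846 Personal';
    None when no version number is present."""
    m = _VERSION_RE.search(text or "")
    if m is None:
        return None
    major, minor, build = (int(x) for x in m.groups())
    return (major, minor, build)


def status(text: str) -> str:
    """'vulnerable' for 2.3.2660 and earlier, 'fixed' for 2.4 and later,
    'unknown' for development builds in between or unparseable input.
    Treat 'unknown' as not safe: the advisory only vouches for 2.4+."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    if v <= LAST_AFFECTED:
        return "vulnerable"
    if v >= FIXED_RELEASE:
        return "fixed"
    return "unknown"


def installed_version() -> Optional[str]:
    """Read the core version through the Binary Ninja Python API when the
    API is on sys.path; otherwise None (use the Help -> About string)."""
    try:
        import binaryninja  # only present on a Binary Ninja install
    except ImportError:
        return None
    return binaryninja.core_version()


if __name__ == "__main__":
    version = installed_version()
    if version is None:
        print("binaryninja API not importable; pass the Help -> About version to status()")
    else:
        print(f"Binary Ninja {version}: {status(version)}")
```

Unparseable input deliberately lands in "unknown" rather than "fixed", so an inventory script that feeds it a blank or mangled field fails closed.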

📡 Detection & Monitoring

Log Indicators:

  • Binary Ninja crash logs with memory access violations
  • Unexpected process creation from binaryninja process

Network Indicators:

  • Unusual outbound connections from Binary Ninja process

SIEM Query:

(process_name:"binaryninja*" AND event_type:"crash") OR parent_process:"binaryninja*"

The wildcard covers both the Linux/macOS process name (binaryninja) and the Windows one (binaryninja.exe). The child-process clause keys on parent_process, since the spawned process (a shell, PowerShell, an installer) is the one whose name appears in process_name.
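The two host indicators above as detection logic over process telemetry, added here as an example for this page (not part of the advisory or of Binary Ninja). It flags a child process spawned by Binary Ninja and a Binary Ninja crash caused by a memory access fault, and enriches each finding with the last .bndb path that process opened on the host, which is the file an incident responder will want to pull. The event layout and SAMPLE_EVENTS are constructed to resemble Sysmon/EDR process-creation and crash records; the EXPECTED_CHILDREN allowlist is an assumption to be filled from your own baseline.

```python
"""Flag the CVE-2021-31515 host indicators in process telemetry: a child
process spawned by Binary Ninja, and a Binary Ninja crash caused by a memory
access fault, each enriched with the last .bndb opened on that host.

Added example for this page, not part of the advisory or of Binary Ninja.
The event layout (dicts with type/host/process/parent/cmdline/detail keys)
and SAMPLE_EVENTS are constructed to resemble Sysmon/EDR records; map your
SIEM's field names onto them before use.
"""
from typing import Dict, Iterable, List, Optional

BINJA_NAMES = {"binaryninja", "binaryninja.exe"}   # Linux/macOS and Windows process names

# Children Binary Ninja legitimately spawns in your fleet (assumption: none by
# default; baseline first, then add e.g. an external editor or the updater).
EXPECTED_CHILDREN: set = set()

# Crash details that indicate a memory access violation rather than, say, an
# assertion failure or an out-of-memory abort.
MEMORY_FAULT_MARKERS = ("access_violation", "access violation", "sigsegv",
                        "segmentation fault", "sigbus", "bus error")


def _basename(name: Optional[str]) -> str:
    """Lower-cased file name, stripped of a Windows or POSIX directory."""
    return (name or "").lower().rsplit("/", 1)[-1].rsplit("\\", 1)[-1]


def _is_binja(name: Optional[str]) -> bool:
    return _basename(name) in BINJA_NAMES


def _bndb_on_cmdline(cmdline: Optional[str]) -> Optional[str]:
    """First .bndb argument on a command line (paths containing spaces are
    not handled here; most EDRs expose the argument vector as a list)."""
    for tok in (cmdline or "").replace('"', "").split():
        if tok.lower().endswith(".bndb"):
            return tok
    return None


def flag_events(events: Iterable[Dict]) -> List[Dict]:
    """Return one finding per suspicious event, in input order."""
    last_bndb: Dict[str, str] = {}      # host -> most recent .bndb opened by Binary Ninja
    findings: List[Dict] = []
    for ev in events:
        host = ev.get("host", "?")
        kind = ev.get("type")
        if kind == "process_create":
            if _is_binja(ev.get("process")):
                path = _bndb_on_cmdline(ev.get("cmdline"))
                if path:
                    last_bndb[host] = path
            elif _is_binja(ev.get("parent")) and _basename(ev.get("process")) not in EXPECTED_CHILDREN:
                findings.append({"rule": "child_of_binaryninja", "host": host,
                                 "process": ev.get("process"), "cmdline": ev.get("cmdline"),
                                 "last_bndb": last_bndb.get(host)})
        elif kind == "crash" and _is_binja(ev.get("process")):
            detail = (ev.get("detail") or "").lower()
            if any(marker in detail for marker in MEMORY_FAULT_MARKERS):
                findings.append({"rule": "binaryninja_memory_fault", "host": host,
                                 "detail": ev.get("detail"), "last_bndb": last_bndb.get(host)})
    return findings


# Constructed sample telemetry: on ws01 a user opens a downloaded database and
# Binary Ninja spawns a shell; on ws02 Binary Ninja opens a shared database and
# then dies with a segmentation fault. The browser launch is benign noise.
SAMPLE_EVENTS = [
    {"type": "process_create", "host": "ws01",
     "process": "C:\\Program Files\\Vector35\\BinaryNinja\\binaryninja.exe",
     "parent": "explorer.exe", "cmdline": 'binaryninja.exe "C:\\Users\\alice\\Downloads\\evil.bndb"'},
    {"type": "process_create", "host": "ws01", "process": "cmd.exe",
     "parent": "binaryninja.exe", "cmdline": "cmd.exe /c whoami"},
    {"type": "process_create", "host": "ws02", "process": "/usr/bin/firefox",
     "parent": "gnome-shell", "cmdline": "/usr/bin/firefox"},
    {"type": "process_create", "host": "ws02", "process": "/opt/binaryninja/binaryninja",
     "parent": "bash", "cmdline": "/opt/binaryninja/binaryninja /tmp/shared/sample.bndb"},
    {"type": "crash", "host": "ws02", "process": "binaryninja",
     "detail": "SIGSEGV (segmentation fault)"},
]

if __name__ == "__main__":
    for finding in flag_events(SAMPLE_EVENTS):
        print(finding)
```

A crash finding with a .bndb attached is the triage starting point: preserve that file and the crash dump before anyone reopens it, since an analyst's natural reaction to a crash is to try the file again.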

🔗 References

  • Vendor advisory (Binary Ninja 2.4 release notes, security advisories): https://binary.ninja/2021/06/03/2.4-release.html#security-advisories
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2021-31515