SQ14111
Detected Windows executable files that are not large address aware while trying to use high entropy ASLR.
priority | CI/CD status | severity | effort | RL level | RL assessment |
---|---|---|---|---|---|
pass | medium | low | None | hardening: warning Reason: mitigation effectiveness issues |
About the issue
High Entropy Address Space Layout Randomization (HEASLR) is a vulnerability mitigation option that makes software components load at a different memory base address each time they are used. On the detected files, this mitigation is enabled but rendered ineffective because the image is not large address aware. For HEASLR to work properly on 64-bit images, the image must be able to handle addresses above the lowest 2 GB of the address space. An image that cannot use the larger address space should not opt in to high entropy address randomization.
How to resolve the issue
- Review the programming language linker options.
- In Microsoft Visual Studio, you can make the HEASLR mitigation effective by enabling the /LARGEADDRESSAWARE linker option.
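The two flags involved live in the PE headers: the `/LARGEADDRESSAWARE` linker option sets `IMAGE_FILE_LARGE_ADDRESS_AWARE` in the COFF file header, and the high entropy ASLR opt-in is `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` in the optional header. The following Python script is an added example (not ReversingLabs' own code) that parses just enough of a PE image to reproduce this check and flags a 64-bit image that opts in to HEASLR without being large address aware. The `build_header` helper produces a constructed, minimal PE32+ header so the example runs offline; on a real file you would pass the file contents to `inspect_pe`.

```python
import struct

# Flag values from the PE/COFF specification (winnt.h).
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020             # COFF Characteristics, set by /LARGEADDRESSAWARE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020   # Optional header DllCharacteristics, set by /HIGHENTROPYVA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040      # Regular ASLR opt-in, set by /DYNAMICBASE
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B               # PE32+ (64-bit image)
IMAGE_FILE_MACHINE_AMD64 = 0x8664


def inspect_pe(data: bytes) -> dict:
    """Read the header fields that decide whether HEASLR can actually take effect."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)          # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (machine, _nsections, _timestamp, _symtab, _nsyms,
     _opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    # DllCharacteristics sits at offset 70 in both the PE32 and the PE32+ optional header.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "machine": machine,
        "pe32plus": magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC,
        "large_address_aware": bool(characteristics & IMAGE_FILE_LARGE_ADDRESS_AWARE),
        "dynamic_base": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
    }


def sq14111_triggers(info: dict) -> bool:
    """True when a 64-bit image opts in to HEASLR but is not large address aware."""
    return info["pe32plus"] and info["high_entropy_va"] and not info["large_address_aware"]


def build_header(characteristics: int, dll_characteristics: int) -> bytes:
    """Constructed minimal PE32+ header (no sections) used only to exercise inspect_pe."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)         # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 0, 0, 0, 0, 240, characteristics)
    opt = bytearray(240)                                         # standard PE32+ optional header size
    struct.pack_into("<H", opt, 0, IMAGE_NT_OPTIONAL_HDR64_MAGIC)
    struct.pack_into("<Q", opt, 24, 0x140000000)                 # typical x64 ImageBase
    struct.pack_into("<H", opt, 68, 3)                           # Subsystem: console
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # IMAGE_FILE_EXECUTABLE_IMAGE (0x0002) with and without the large-address-aware bit;
    # DllCharacteristics 0x0160 = NX_COMPAT | DYNAMIC_BASE | HIGH_ENTROPY_VA.
    samples = {
        "hardened (LAA + HEASLR)": build_header(0x0022, 0x0160),
        "ineffective HEASLR (no LAA)": build_header(0x0002, 0x0160),
        "no HEASLR opt-in": build_header(0x0002, 0x0140),
    }
    for name, image in samples.items():
        verdict = "SQ14111" if sq14111_triggers(inspect_pe(image)) else "ok"
        print(f"{name}: {verdict}")
```

The check deliberately applies only to PE32+ images, matching the policy text above; a 32-bit image without `/LARGEADDRESSAWARE` is limited to 2 GB regardless of its ASLR flags and is a different concern.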
Incidence statistics
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes.
For every repository, the chart shows the percentage of projects that triggered the software assurance policy. In other words, it shows how many projects were found to have the specific issue described on this page.
The percentages are calculated from the total amount of packages analyzed:
- RubyGems: 174K
- NuGet: 189K
- PyPI: 403K
- NPM: 2.1M
Recommended reading
- Base Address (External resource - techopedia)
- Software defense: mitigating common exploitation techniques (External resource - Microsoft)