SQ14112

Detected Windows executable files with bound imports that will be ignored due to enabled ASLR vulnerability mitigation protection.

  • priority: None
  • CI/CD status: pass
  • severity: low
  • effort: low
  • RL level: None
  • RL assessment: None

About the issue

Address Space Layout Randomization (ASLR) is a vulnerability mitigation option that forces software components to load at a different memory base address each time they are used. Bound imports are a way for the operating system to speed up application startup time. However, binding an image makes it consistently load at the default base address. That is incompatible with ASLR, which is why bound imports will be ignored.

How to resolve the issue

  • This is a minor code quality issue. To resolve it, review the programming language linker options.
  • In Microsoft Visual Studio, you can safely remove EDITBIN /BIND from your post-link procedure, and set the /ALLOWBIND option to NO.
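
To confirm the result of those linker changes on a built binary, the check below reads the PE headers directly. It is an added example, not ReversingLabs code: `check_bound_imports` and `build_sample` are hypothetical names, and the sample header is constructed for the demonstration rather than taken from a real image.

```python
import struct

DYNAMIC_BASE = 0x0040    # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in)
NO_BIND = 0x0800         # IMAGE_DLLCHARACTERISTICS_NO_BIND (set by /ALLOWBIND:NO)
BOUND_IMPORT_INDEX = 11  # IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT

def check_bound_imports(data: bytes) -> dict:
    """Report ASLR and bound-import state from a PE image's headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = pe_off + 24  # optional header follows signature + 20-byte COFF header
    try:
        (magic,) = struct.unpack_from("<H", data, opt)
        (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
        dirs = {0x10B: 96, 0x20B: 112}[magic]  # data directory offset: PE32 / PE32+
        (count,) = struct.unpack_from("<I", data, opt + dirs - 4)
        rva = size = 0
        if count > BOUND_IMPORT_INDEX:
            rva, size = struct.unpack_from(
                "<II", data, opt + dirs + 8 * BOUND_IMPORT_INDEX)
    except (struct.error, KeyError) as exc:
        raise ValueError("truncated or unsupported optional header") from exc
    aslr = bool(dll_chars & DYNAMIC_BASE)
    bound = rva != 0 and size != 0
    # "flagged" is the condition this page describes: bound imports plus ASLR.
    return {"aslr": aslr, "no_bind": bool(dll_chars & NO_BIND),
            "bound_imports": bound, "flagged": aslr and bound}

def build_sample(dll_chars: int, bound: bool) -> bytes:
    """Constructed PE32 header stub for demonstration; not a loadable image."""
    buf = bytearray(0x40 + 24 + 96 + 16 * 8)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", buf, opt, 0x10B)           # PE32 magic
    struct.pack_into("<H", buf, opt + 70, dll_chars)  # DllCharacteristics
    struct.pack_into("<I", buf, opt + 92, 16)         # NumberOfRvaAndSizes
    if bound:  # constructed RVA and size for the bound import directory
        struct.pack_into("<II", buf, opt + 96 + 8 * BOUND_IMPORT_INDEX, 0x240, 0x40)
    return bytes(buf)

if __name__ == "__main__":
    print(check_bound_imports(build_sample(DYNAMIC_BASE, bound=True)))
```

A binary rebuilt without EDITBIN /BIND and with /ALLOWBIND set to NO should report `bound_imports` as false and `no_bind` as true.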

Incidence statistics

ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes.

For every repository, the chart shows the percentage of projects that triggered the software assurance policy. In other words, it shows how many projects were found to have the specific issue described on this page.

The percentages are calculated from the total number of packages analyzed:

  • RubyGems: 174K
  • NuGet: 189K
  • PyPI: 403K
  • npm: 2.1M