Vulnerabilites related to rizinorg - rizin
CVE-2023-40022 (GCVE-0-2023-40022)
Vulnerability from cvelistv5
Published
2023-08-24 22:50
Modified
2024-10-02 18:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block as unreachable code since the prior statement is multiplication by 10 and fails to consider overflow assuming the count will always be a multiple of 10. Rizin version 0.6.1 contains a fix for the issue. A temporary workaround would be disabling C++ demangling using the configuration option `bin.demangle=false`.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/rizinorg/rizin/security/advisories/GHSA-92h6-wwc2-53cq | x_refsource_CONFIRM | |
| https://github.com/rizinorg/rizin/pull/3753 | x_refsource_MISC | |
| https://github.com/rizinorg/rz-libdemangle/pull/54 | x_refsource_MISC | |
| https://github.com/rizinorg/rz-libdemangle/commit/51d016750e704b27ab8ace23c0f72acabca67018 | x_refsource_MISC | |
| https://github.com/rizinorg/rz-libdemangle/blob/main/src/gnu_v2/cplus-dem.c#L419 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:54.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/rizinorg/rizin/security/advisories/GHSA-92h6-wwc2-53cq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-92h6-wwc2-53cq"
},
{
"name": "https://github.com/rizinorg/rizin/pull/3753",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/pull/3753"
},
{
"name": "https://github.com/rizinorg/rz-libdemangle/pull/54",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rizinorg/rz-libdemangle/pull/54"
},
{
"name": "https://github.com/rizinorg/rz-libdemangle/commit/51d016750e704b27ab8ace23c0f72acabca67018",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rizinorg/rz-libdemangle/commit/51d016750e704b27ab8ace23c0f72acabca67018"
},
{
"name": "https://github.com/rizinorg/rz-libdemangle/blob/main/src/gnu_v2/cplus-dem.c#L419",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rizinorg/rz-libdemangle/blob/main/src/gnu_v2/cplus-dem.c#L419"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rizin:rizin:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rizin",
"vendor": "rizin",
"versions": [
{
"lessThan": "0.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T18:05:03.677952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T18:11:59.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rizin",
"vendor": "rizinorg",
"versions": [
{
"status": "affected",
"version": "\u003c 0.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block as unreachable code since the prior statement is multiplication by 10 and fails to consider overflow assuming the count will always be a multiple of 10. Rizin version 0.6.1 contains a fix for the issue. A temporary workaround would be disabling C++ demangling using the configuration option `bin.demangle=false`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-24T22:50:57.457Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rizinorg/rizin/security/advisories/GHSA-92h6-wwc2-53cq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-92h6-wwc2-53cq"
},
{
"name": "https://github.com/rizinorg/rizin/pull/3753",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rizinorg/rizin/pull/3753"
},
{
"name": "https://github.com/rizinorg/rz-libdemangle/pull/54",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rizinorg/rz-libdemangle/pull/54"
},
{
"name": "https://github.com/rizinorg/rz-libdemangle/commit/51d016750e704b27ab8ace23c0f72acabca67018",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rizinorg/rz-libdemangle/commit/51d016750e704b27ab8ace23c0f72acabca67018"
},
{
"name": "https://github.com/rizinorg/rz-libdemangle/blob/main/src/gnu_v2/cplus-dem.c#L419",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rizinorg/rz-libdemangle/blob/main/src/gnu_v2/cplus-dem.c#L419"
}
],
"source": {
"advisory": "GHSA-92h6-wwc2-53cq",
"discovery": "UNKNOWN"
},
"title": "Rizin vulnerable to Integer Overflow in C++ demangler logic"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-40022",
"datePublished": "2023-08-24T22:50:57.457Z",
"dateReserved": "2023-08-08T13:46:25.243Z",
"dateUpdated": "2024-10-02T18:11:59.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36039 (GCVE-0-2022-36039)
Vulnerability from cvelistv5
Published
2022-09-06 19:05
Modified
2025-04-23 17:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to out-of-bounds write when parsing DEX files. A user opening a malicious DEX file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. A patch is available on the `dev` branch of the repository.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/rizinorg/rizin/security/advisories/GHSA-pr85-hv85-45pg | x_refsource_CONFIRM | |
| https://github.com/rizinorg/rizin/issues/2969 | x_refsource_MISC | |
| https://github.com/rizinorg/rizin/commit/1524f85211445e41506f98180f8f69f7bf115406 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202209-06 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-pr85-hv85-45pg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/issues/2969"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/commit/1524f85211445e41506f98180f8f69f7bf115406"
},
{
"name": "GLSA-202209-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:49:50.810981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:14:36.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rizin",
"vendor": "rizinorg",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to out-of-bounds write when parsing DEX files. A user opening a malicious DEX file could be affected by this vulnerability, allowing an attacker to execute code on the user\u0027s machine. A patch is available on the `dev` branch of the repository."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-25T15:06:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-pr85-hv85-45pg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rizinorg/rizin/issues/2969"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rizinorg/rizin/commit/1524f85211445e41506f98180f8f69f7bf115406"
},
{
"name": "GLSA-202209-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-06"
}
],
"source": {
"advisory": "GHSA-pr85-hv85-45pg",
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds write when parsing DEX files in Rizin",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-36039",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds write when parsing DEX files in Rizin"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rizin",
"version": {
"version_data": [
{
"version_value": "\u003c= 0.4.0"
}
]
}
}
]
},
"vendor_name": "rizinorg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to out-of-bounds write when parsing DEX files. A user opening a malicious DEX file could be affected by this vulnerability, allowing an attacker to execute code on the user\u0027s machine. A patch is available on the `dev` branch of the repository."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rizinorg/rizin/security/advisories/GHSA-pr85-hv85-45pg",
"refsource": "CONFIRM",
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-pr85-hv85-45pg"
},
{
"name": "https://github.com/rizinorg/rizin/issues/2969",
"refsource": "MISC",
"url": "https://github.com/rizinorg/rizin/issues/2969"
},
{
"name": "https://github.com/rizinorg/rizin/commit/1524f85211445e41506f98180f8f69f7bf115406",
"refsource": "MISC",
"url": "https://github.com/rizinorg/rizin/commit/1524f85211445e41506f98180f8f69f7bf115406"
},
{
"name": "GLSA-202209-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-06"
}
]
},
"source": {
"advisory": "GHSA-pr85-hv85-45pg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36039",
"datePublished": "2022-09-06T19:05:11.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:14:36.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36044 (GCVE-0-2022-36044)
Vulnerability from cvelistv5
Published
2022-09-06 00:00
Modified
2025-04-23 17:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commits 07b43bc8aa1ffebd9b68d60624c9610cf7e460c7 and 05bbd147caccc60162d6fba9baaaf24befa281cd contain fixes for the issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-mqcj-82c6-gh5q"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/commit/05bbd147caccc60162d6fba9baaaf24befa281cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/commit/07b43bc8aa1ffebd9b68d60624c9610cf7e460c7"
},
{
"name": "GLSA-202209-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-06"
},
{
"name": "FEDORA-2023-af305bed3d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:50:02.150671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:31:33.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rizin",
"vendor": "rizinorg",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on the user\u0027s machine. Commits 07b43bc8aa1ffebd9b68d60624c9610cf7e460c7 and 05bbd147caccc60162d6fba9baaaf24befa281cd contain fixes for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-30T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-mqcj-82c6-gh5q"
},
{
"url": "https://github.com/rizinorg/rizin/commit/05bbd147caccc60162d6fba9baaaf24befa281cd"
},
{
"url": "https://github.com/rizinorg/rizin/commit/07b43bc8aa1ffebd9b68d60624c9610cf7e460c7"
},
{
"name": "GLSA-202209-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-06"
},
{
"name": "FEDORA-2023-af305bed3d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N/"
}
],
"source": {
"advisory": "GHSA-mqcj-82c6-gh5q",
"discovery": "UNKNOWN"
},
"title": "Rizin Out-of-bounds Write vulnerability in Lua binary plugin"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36044",
"datePublished": "2022-09-06T00:00:00.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:31:33.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1788 (GCVE-0-2025-1788)
Vulnerability from cvelistv5
Published
2025-03-01 12:31
Modified
2025-03-03 20:37
Severity ?
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rz_utf8_encode in the library /librz/util/utf8.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.298011 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.298011 | signature, permissions-required | |
| https://vuldb.com/?submit.502345 | third-party-advisory | |
| https://github.com/rizinorg/rizin/issues/4910 | issue-tracking | |
| https://github.com/rizinorg/rizin/issues/4910#issuecomment-2662963253 | issue-tracking | |
| https://github.com/user-attachments/files/18817099/rz-bin-poc-01.zip | exploit | |
| https://github.com/rizinorg/rizin/pull/4762 | issue-tracking, patch |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1788",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T20:37:17.465931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T20:37:29.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/rizinorg/rizin/issues/4910#issuecomment-2662963253"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rizin",
"vendor": "rizinorg",
"versions": [
{
"status": "affected",
"version": "0.1"
},
{
"status": "affected",
"version": "0.2"
},
{
"status": "affected",
"version": "0.3"
},
{
"status": "affected",
"version": "0.4"
},
{
"status": "affected",
"version": "0.5"
},
{
"status": "affected",
"version": "0.6"
},
{
"status": "affected",
"version": "0.7"
},
{
"status": "affected",
"version": "0.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wenjusun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rz_utf8_encode in the library /librz/util/utf8.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in rizinorg rizin bis 0.8.0 gefunden. Hiervon betroffen ist die Funktion rz_utf8_encode in der Bibliothek /librz/util/utf8.c. Durch Beeinflussen mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-01T12:31:08.574Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298011 | rizinorg rizin utf8.c rz_utf8_encode heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298011"
},
{
"name": "VDB-298011 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298011"
},
{
"name": "Submit #502345 | https://github.com/rizinorg/rizin rizin/rz-bin 309f57434dfa17954f02cdcbb3a2ac4108651767 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.502345"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/rizinorg/rizin/issues/4910"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/rizinorg/rizin/issues/4910#issuecomment-2662963253"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/user-attachments/files/18817099/rz-bin-poc-01.zip"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/rizinorg/rizin/pull/4762"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-28T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-28T18:11:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "rizinorg rizin utf8.c rz_utf8_encode heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1788",
"datePublished": "2025-03-01T12:31:08.574Z",
"dateReserved": "2025-02-28T17:06:09.261Z",
"dateUpdated": "2025-03-03T20:37:29.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36041 (GCVE-0-2022-36041)
Vulnerability from cvelistv5
Published
2022-09-06 00:00
Modified
2025-04-23 17:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 7323e64d68ecccfb0ed3ee480f704384c38676b2 contains a patch.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-2c7m-2f37-mr5m"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/issues/2956"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/commit/7323e64d68ecccfb0ed3ee480f704384c38676b2"
},
{
"name": "GLSA-202209-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-06"
},
{
"name": "FEDORA-2023-af305bed3d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:50:13.590203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:31:58.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rizin",
"vendor": "rizinorg",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the user\u0027s machine. Commit number 7323e64d68ecccfb0ed3ee480f704384c38676b2 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-30T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-2c7m-2f37-mr5m"
},
{
"url": "https://github.com/rizinorg/rizin/issues/2956"
},
{
"url": "https://github.com/rizinorg/rizin/commit/7323e64d68ecccfb0ed3ee480f704384c38676b2"
},
{
"name": "GLSA-202209-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-06"
},
{
"name": "FEDORA-2023-af305bed3d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N/"
}
],
"source": {
"advisory": "GHSA-2c7m-2f37-mr5m",
"discovery": "UNKNOWN"
},
"title": "Rizin Out-of-bounds Write vulnerability in Mach-O binary plugin"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36041",
"datePublished": "2022-09-06T00:00:00.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:31:58.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36040 (GCVE-0-2022-36040)
Vulnerability from cvelistv5
Published
2022-09-06 00:00
Modified
2025-04-23 17:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from PYC(python) files. A user opening a malicious PYC file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 68948017423a12786704e54227b8b2f918c2fd27 contains a patch.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:51:59.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-h897-rhm9-rpmw"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/issues/2963"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/commit/68948017423a12786704e54227b8b2f918c2fd27"
},
{
"name": "GLSA-202209-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-06"
},
{
"name": "FEDORA-2023-af305bed3d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:50:17.402160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:32:07.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rizin",
"vendor": "rizinorg",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from PYC(python) files. A user opening a malicious PYC file could be affected by this vulnerability, allowing an attacker to execute code on the user\u0027s machine. Commit number 68948017423a12786704e54227b8b2f918c2fd27 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-30T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-h897-rhm9-rpmw"
},
{
"url": "https://github.com/rizinorg/rizin/issues/2963"
},
{
"url": "https://github.com/rizinorg/rizin/commit/68948017423a12786704e54227b8b2f918c2fd27"
},
{
"name": "GLSA-202209-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-06"
},
{
"name": "FEDORA-2023-af305bed3d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N/"
}
],
"source": {
"advisory": "GHSA-h897-rhm9-rpmw",
"discovery": "UNKNOWN"
},
"title": "Rizin Out-of-bounds Write vulnerability in pyc/marshal.c"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36040",
"datePublished": "2022-09-06T00:00:00.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:32:07.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27590 (GCVE-0-2023-27590)
Vulnerability from cvelistv5
Published
2023-03-14 20:37
Modified
2025-02-25 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/rizinorg/rizin/security/advisories/GHSA-rqcp-m8m2-jcqf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-rqcp-m8m2-jcqf"
},
{
"name": "https://github.com/rizinorg/rizin/pull/3422",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/pull/3422"
},
{
"name": "https://github.com/rizinorg/rizin/commit/d6196703d89c84467b600ba2692534579dc25ed4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/commit/d6196703d89c84467b600ba2692534579dc25ed4"
},
{
"name": "https://github.com/rizinorg/rizin/blob/3a7d5116244beb678ad9950bb9dd27d28ed2691f/librz/reg/profile.c#L514",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/blob/3a7d5116244beb678ad9950bb9dd27d28ed2691f/librz/reg/profile.c#L514"
},
{
"name": "https://github.com/rizinorg/rizin/blob/3a7d5116244beb678ad9950bb9dd27d28ed2691f/librz/reg/profile.c#L545",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/blob/3a7d5116244beb678ad9950bb9dd27d28ed2691f/librz/reg/profile.c#L545"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW3JXI4TIJIR7PGFP74SN7GQYHW2F46Y/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:29:22.987138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:57:31.008Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rizin",
"vendor": "rizinorg",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T02:06:16.810Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rizinorg/rizin/security/advisories/GHSA-rqcp-m8m2-jcqf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-rqcp-m8m2-jcqf"
},
{
"name": "https://github.com/rizinorg/rizin/pull/3422",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rizinorg/rizin/pull/3422"
},
{
"name": "https://github.com/rizinorg/rizin/commit/d6196703d89c84467b600ba2692534579dc25ed4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rizinorg/rizin/commit/d6196703d89c84467b600ba2692534579dc25ed4"
},
{
"name": "https://github.com/rizinorg/rizin/blob/3a7d5116244beb678ad9950bb9dd27d28ed2691f/librz/reg/profile.c#L514",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rizinorg/rizin/blob/3a7d5116244beb678ad9950bb9dd27d28ed2691f/librz/reg/profile.c#L514"
},
{
"name": "https://github.com/rizinorg/rizin/blob/3a7d5116244beb678ad9950bb9dd27d28ed2691f/librz/reg/profile.c#L545",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rizinorg/rizin/blob/3a7d5116244beb678ad9950bb9dd27d28ed2691f/librz/reg/profile.c#L545"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW3JXI4TIJIR7PGFP74SN7GQYHW2F46Y/"
}
],
"source": {
"advisory": "GHSA-rqcp-m8m2-jcqf",
"discovery": "UNKNOWN"
},
"title": "Rizin has stack-based buffer overflow when parsing GDB registers profile files"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-27590",
"datePublished": "2023-03-14T20:37:59.269Z",
"dateReserved": "2023-03-04T01:03:53.635Z",
"dateUpdated": "2025-02-25T14:57:31.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43814 (GCVE-0-2021-43814)
Vulnerability from cvelistv5
Published
2021-12-13 19:35
Modified
2024-08-04 04:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r | x_refsource_CONFIRM | |
| https://github.com/rizinorg/rizin/issues/2083 | x_refsource_MISC | |
| https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:09.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/issues/2083"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rizin",
"vendor": "rizinorg",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-13T19:35:12",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rizinorg/rizin/issues/2083"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406"
}
],
"source": {
"advisory": "GHSA-hqqp-vjcm-mw8r",
"discovery": "UNKNOWN"
},
"title": "Heap-based OOB write when parsing dwarf DIE info in Rizin",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43814",
"STATE": "PUBLIC",
"TITLE": "Heap-based OOB write when parsing dwarf DIE info in Rizin"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rizin",
"version": {
"version_data": [
{
"version_value": "\u003c= 0.3.1"
}
]
}
}
]
},
"vendor_name": "rizinorg"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r",
"refsource": "CONFIRM",
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r"
},
{
"name": "https://github.com/rizinorg/rizin/issues/2083",
"refsource": "MISC",
"url": "https://github.com/rizinorg/rizin/issues/2083"
},
{
"name": "https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406",
"refsource": "MISC",
"url": "https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406"
}
]
},
"source": {
"advisory": "GHSA-hqqp-vjcm-mw8r",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43814",
"datePublished": "2021-12-13T19:35:12",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:03:09.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36042 (GCVE-0-2022-36042)
Vulnerability from cvelistv5
Published
2022-09-06 00:00
Modified
2025-04-23 17:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 556ca2f9eef01ec0f4a76d1fbacfcf3a87a44810 contains a patch.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-pf72-jg54-8gvp"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/commit/556ca2f9eef01ec0f4a76d1fbacfcf3a87a44810"
},
{
"name": "GLSA-202209-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-06"
},
{
"name": "FEDORA-2023-af305bed3d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:50:10.248963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:31:50.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rizin",
"vendor": "rizinorg",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to execute code on the user\u0027s machine. Commit number 556ca2f9eef01ec0f4a76d1fbacfcf3a87a44810 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-30T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-pf72-jg54-8gvp"
},
{
"url": "https://github.com/rizinorg/rizin/commit/556ca2f9eef01ec0f4a76d1fbacfcf3a87a44810"
},
{
"name": "GLSA-202209-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-06"
},
{
"name": "FEDORA-2023-af305bed3d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N/"
}
],
"source": {
"advisory": "GHSA-pf72-jg54-8gvp",
"discovery": "UNKNOWN"
},
"title": "Rizin Out-of-bounds Write vulnerability in dyld cache binary plugin"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36042",
"datePublished": "2022-09-06T00:00:00.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:31:50.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1786 (GCVE-0-2025-1786)
Vulnerability from cvelistv5
Published
2025-03-01 10:00
Modified
2025-03-03 20:35
Severity ?
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in rizinorg rizin up to 0.7.4. It has been rated as critical. This issue affects the function msf_stream_directory_free in the library /librz/bin/pdb/pdb.c. The manipulation of the argument -P leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.0 is able to address this issue. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.298007 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.298007 | signature, permissions-required | |
| https://vuldb.com/?submit.502317 | third-party-advisory | |
| https://github.com/rizinorg/rizin/issues/4893 | issue-tracking | |
| https://github.com/user-attachments/files/18765730/rz-bin-6fb50-poc.zip | exploit | |
| https://github.com/rizinorg/rizin/milestone/18 | patch |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1786",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T20:35:36.363409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T20:35:48.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/rizinorg/rizin/issues/4893"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rizin",
"vendor": "rizinorg",
"versions": [
{
"status": "affected",
"version": "0.7.0"
},
{
"status": "affected",
"version": "0.7.1"
},
{
"status": "affected",
"version": "0.7.2"
},
{
"status": "affected",
"version": "0.7.3"
},
{
"status": "affected",
"version": "0.7.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wenjusun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in rizinorg rizin up to 0.7.4. It has been rated as critical. This issue affects the function msf_stream_directory_free in the library /librz/bin/pdb/pdb.c. The manipulation of the argument -P leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.0 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in rizinorg rizin bis 0.7.4 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion msf_stream_directory_free in der Bibliothek /librz/bin/pdb/pdb.c. Mittels Manipulieren des Arguments -P mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 0.8.0 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-01T10:00:07.495Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298007 | rizinorg rizin pdb.c msf_stream_directory_free buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298007"
},
{
"name": "VDB-298007 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298007"
},
{
"name": "Submit #502317 | https://github.com/rizinorg/rizin rizin/rz-bin 309f57434dfa17954f02cdcbb3a2ac4108651767 Buffer Over-read",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.502317"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/rizinorg/rizin/issues/4893"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/user-attachments/files/18765730/rz-bin-6fb50-poc.zip"
},
{
"tags": [
"patch"
],
"url": "https://github.com/rizinorg/rizin/milestone/18"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-28T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-28T18:05:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "rizinorg rizin pdb.c msf_stream_directory_free buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1786",
"datePublished": "2025-03-01T10:00:07.495Z",
"dateReserved": "2025-02-28T17:00:47.146Z",
"dateUpdated": "2025-03-03T20:35:48.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53256 (GCVE-0-2024-53256)
Vulnerability from cvelistv5
Published
2024-12-23 15:17
Modified
2024-12-24 01:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Rizin is a UNIX-like reverse engineering framework and command-line toolset. `rizin.c` still had an old snippet of code which suffered a command injection due the usage of `rz_core_cmdf` to invoke the command `m` which was removed in v0.1.x. A malicious binary defining `bclass` (part of RzBinInfo) is executed if `rclass` (part of RzBinInfo) is set to `fs`; the vulnerability can be exploited by any bin format where `bclass` and `rclass` are user defined. This vulnerability is fixed in 0.7.4.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T01:55:14.759950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T01:55:31.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rizin",
"vendor": "rizinorg",
"versions": [
{
"status": "affected",
"version": "\u003c 0.7.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. `rizin.c` still had an old snippet of code which suffered a command injection due the usage of `rz_core_cmdf` to invoke the command `m` which was removed in v0.1.x. A malicious binary defining `bclass` (part of RzBinInfo) is executed if `rclass` (part of RzBinInfo) is set to `fs`; the vulnerability can be exploited by any bin format where `bclass` and `rclass` are user defined. This vulnerability is fixed in 0.7.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T15:17:50.587Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rizinorg/rizin/security/advisories/GHSA-5jhc-frm4-p8v9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-5jhc-frm4-p8v9"
},
{
"name": "https://github.com/rizinorg/rizin/commit/db6c5b39c065ce719f587c9815c47fbb834b10fa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rizinorg/rizin/commit/db6c5b39c065ce719f587c9815c47fbb834b10fa"
},
{
"name": "https://github.com/rizinorg/rizin/blob/be24ca8879ed9c58f288bdf21c271b6294720da4/librz/main/rizin.c#L1275-L1278",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rizinorg/rizin/blob/be24ca8879ed9c58f288bdf21c271b6294720da4/librz/main/rizin.c#L1275-L1278"
}
],
"source": {
"advisory": "GHSA-5jhc-frm4-p8v9",
"discovery": "UNKNOWN"
},
"title": "Rizin has a command injection via RzBinInfo bclass due legacy code"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53256",
"datePublished": "2024-12-23T15:17:50.587Z",
"dateReserved": "2024-11-19T20:08:14.480Z",
"dateUpdated": "2024-12-24T01:55:31.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36043 (GCVE-0-2022-36043)
Vulnerability from cvelistv5
Published
2022-09-06 00:00
Modified
2025-04-23 17:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-415 - Double Free
Summary
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rz_bin_reloc_storage_free() when freeing relocations generated from qnx binary plugin. A user opening a malicious qnx binary could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number a3d50c1ea185f3f642f2d8180715f82d98840784 contains a patch for this issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-rjhv-mj4g-j4p5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/issues/2964"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rizinorg/rizin/commit/a3d50c1ea185f3f642f2d8180715f82d98840784"
},
{
"name": "GLSA-202209-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-06"
},
{
"name": "FEDORA-2023-af305bed3d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:50:07.238253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:31:41.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rizin",
"vendor": "rizinorg",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rz_bin_reloc_storage_free() when freeing relocations generated from qnx binary plugin. A user opening a malicious qnx binary could be affected by this vulnerability, allowing an attacker to execute code on the user\u0027s machine. Commit number a3d50c1ea185f3f642f2d8180715f82d98840784 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415: Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-30T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-rjhv-mj4g-j4p5"
},
{
"url": "https://github.com/rizinorg/rizin/issues/2964"
},
{
"url": "https://github.com/rizinorg/rizin/commit/a3d50c1ea185f3f642f2d8180715f82d98840784"
},
{
"name": "GLSA-202209-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-06"
},
{
"name": "FEDORA-2023-af305bed3d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N/"
}
],
"source": {
"advisory": "GHSA-rjhv-mj4g-j4p5",
"discovery": "UNKNOWN"
},
"title": "Rizin Double Free in bobj.c when using qnx binary plugin"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36043",
"datePublished": "2022-09-06T00:00:00.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:31:41.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}