CVE-2026-22780 (GCVE-0-2026-22780)

Vulnerability from cvelistv5 – Published: 2026-02-02 20:52 – Updated: 2026-02-03 15:37
VLAI?
Title
Rizin has a heap overflow on mach0_chained_fixups.c
Summary
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2.
Severity ?
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CWE
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
Vendor Product Version
rizinorg rizin Affected: < 0.8.2
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22780",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-03T15:37:14.553207Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-03T15:37:25.089Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rizin",
          "vendor": "rizinorg",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.8.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-02T20:52:23.859Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjj"
        },
        {
          "name": "https://github.com/rizinorg/rizin/issues/5768",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rizinorg/rizin/issues/5768"
        },
        {
          "name": "https://github.com/rizinorg/rizin/pull/5770",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rizinorg/rizin/pull/5770"
        },
        {
          "name": "https://github.com/rizinorg/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1b1c989",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rizinorg/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1b1c989"
        },
        {
          "name": "https://github.com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/librz/bin/format/mach0/mach0_chained_fixups.c#L200",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/librz/bin/format/mach0/mach0_chained_fixups.c#L200"
        },
        {
          "name": "https://github.com/rizinorg/rizin/releases/tag/v0.8.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rizinorg/rizin/releases/tag/v0.8.2"
        }
      ],
      "source": {
        "advisory": "GHSA-f3v7-xhmj-9cjj",
        "discovery": "UNKNOWN"
      },
      "title": "Rizin has a heap overflow on mach0_chained_fixups.c"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-22780",
    "datePublished": "2026-02-02T20:52:23.859Z",
    "dateReserved": "2026-01-09T18:27:19.388Z",
    "dateUpdated": "2026-02-03T15:37:25.089Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-22780\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-02T23:16:06.870\",\"lastModified\":\"2026-02-20T21:12:28.077\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2.\"},{\"lang\":\"es\",\"value\":\"Rizin es un framework de ingenier\u00eda inversa y conjunto de herramientas de l\u00ednea de comandos similar a UNIX. Antes de la 0.8.2, se puede explotar un desbordamiento de mont\u00edculo cuando un archivo mach0 malicioso, que contiene entradas falsas para los segmentos encadenados de dyld, es analizado por rizin. Esta vulnerabilidad est\u00e1 corregida en la 0.8.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rizin:rizin:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.8.2\",\"matchCriteriaId\":\"E00A5664-A784-4C49-9A16-7DC39DE648E5\"}]}]}],\"references\":[{\"url\":\"https://github.com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/librz/bin/format/mach0/mach0_chained_fixups.c#L200\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/rizinorg/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1b1c989\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/rizinorg/rizin/issues/5768\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/rizinorg/rizin/pull/5770\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/rizinorg/rizin/releases/tag/v0.8.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjj\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-22780\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-03T15:37:14.553207Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-03T15:37:21.823Z\"}}], \"cna\": {\"title\": \"Rizin has a heap overflow on mach0_chained_fixups.c\", \"source\": {\"advisory\": \"GHSA-f3v7-xhmj-9cjj\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"rizinorg\", \"product\": \"rizin\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.8.2\"}]}], \"references\": [{\"url\": \"https://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjj\", \"name\": \"https://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjj\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/rizinorg/rizin/issues/5768\", \"name\": \"https://github.com/rizinorg/rizin/issues/5768\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rizinorg/rizin/pull/5770\", \"name\": \"https://github.com/rizinorg/rizin/pull/5770\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rizinorg/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1b1c989\", \"name\": \"https://github.com/rizinorg/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1b1c989\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/librz/bin/format/mach0/mach0_chained_fixups.c#L200\", \"name\": \"https://github.com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/librz/bin/format/mach0/mach0_chained_fixups.c#L200\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rizinorg/rizin/releases/tag/v0.8.2\", \"name\": \"https://github.com/rizinorg/rizin/releases/tag/v0.8.2\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-02T20:52:23.859Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-22780\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-03T15:37:25.089Z\", \"dateReserved\": \"2026-01-09T18:27:19.388Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-02T20:52:23.859Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.