CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 1CVE-2025-1788 – rizinorg rizin utf8.c rz_utf8_encode heap-based overflow
https://notcve.org/view.php?id=CVE-2025-1788
01 Mar 2025 — A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rz_utf8_encode in the library /librz/util/utf8.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. • https://github.com/rizinorg/rizin/issues/4910 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53256 – Rizin has a command injection via RzBinInfo bclass due legacy code
https://notcve.org/view.php?id=CVE-2024-53256
23 Dec 2024 — Rizin is a UNIX-like reverse engineering framework and command-line toolset. `rizin.c` still had an old snippet of code which suffered a command injection due the usage of `rz_core_cmdf` to invoke the command `m` which was removed in v0.1.x. A malicious binary defining `bclass` (part of RzBinInfo) is executed if `rclass` (part of RzBinInfo) is set to `fs`; the vulnerability can be exploited by any bin format where `bclass` and `rclass` are user defined. This vulnerability is fixed in 0.7.4. Rizin es un fram... • https://github.com/rizinorg/rizin/blob/be24ca8879ed9c58f288bdf21c271b6294720da4/librz/main/rizin.c#L1275-L1278 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40022 – Rizin vulnerable to Integer Overflow in C++ demangler logic
https://notcve.org/view.php?id=CVE-2023-40022
24 Aug 2023 — Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block as unreachable code since the prior statement is multiplication by 10 and fails to consider overflow assuming the count will always be a multiple of 10. Rizin version 0.6.1 contains a fix for the issue. • https://github.com/rizinorg/rizin/pull/3753 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30226
https://notcve.org/view.php?id=CVE-2023-30226
12 Jul 2023 — An issue was discovered in function get_gnu_verneed in rizinorg Rizin prior to 0.5.0 verneed_entry allows attackers to cause a denial of service via crafted elf file. • https://github.com/ifyGecko/CVE-2023-30226 • CWE-834: Excessive Iteration •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-3674
https://notcve.org/view.php?id=CVE-2021-3674
24 Mar 2023 — A flaw was found in rizin. The create_section_from_phdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads, which can lead to memory corruption and possibly code execution through the binary object's callback function. • https://gist.github.com/netspooky/61101e191afee95feda7dbd2f6b061c4 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27590 – Rizin has stack-based buffer overflow when parsing GDB registers profile files
https://notcve.org/view.php?id=CVE-2023-27590
14 Mar 2023 — Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, revi... • https://github.com/rizinorg/rizin/blob/3a7d5116244beb678ad9950bb9dd27d28ed2691f/librz/reg/profile.c#L514 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36039 – Out-of-bounds write when parsing DEX files in Rizin
https://notcve.org/view.php?id=CVE-2022-36039
06 Sep 2022 — Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to out-of-bounds write when parsing DEX files. A user opening a malicious DEX file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. A patch is available on the `dev` branch of the repository. Rizin es un marco de trabajo de ingeniería inversa tipo UNIX y un conjunto de herramientas de línea de comandos. • https://github.com/rizinorg/rizin/commit/1524f85211445e41506f98180f8f69f7bf115406 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36040 – Rizin Out-of-bounds Write vulnerability in pyc/marshal.c
https://notcve.org/view.php?id=CVE-2022-36040
06 Sep 2022 — Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from PYC(python) files. A user opening a malicious PYC file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 68948017423a12786704e54227b8b2f918c2fd27 contains a patch. Rizin es un marco de trabajo de ingeniería inversa tipo UNIX y un conjunto de herramientas de línea de comandos. • https://github.com/rizinorg/rizin/commit/68948017423a12786704e54227b8b2f918c2fd27 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36041 – Rizin Out-of-bounds Write vulnerability in Mach-O binary plugin
https://notcve.org/view.php?id=CVE-2022-36041
06 Sep 2022 — Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 7323e64d68ecccfb0ed3ee480f704384c38676b2 contains a patch. Rizin es un marco de trabajo de ingeniería inversa tipo UNIX y un conjunto de herramientas de línea de comandos. • https://github.com/rizinorg/rizin/commit/7323e64d68ecccfb0ed3ee480f704384c38676b2 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36042 – Rizin Out-of-bounds Write vulnerability in dyld cache binary plugin
https://notcve.org/view.php?id=CVE-2022-36042
06 Sep 2022 — Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 556ca2f9eef01ec0f4a76d1fbacfcf3a87a44810 contains a patch. Rizin es un marco de trabajo de ingeniería inversa de tipo UNIX y un conjunto de herramientas de línea de coman... • https://github.com/rizinorg/rizin/commit/556ca2f9eef01ec0f4a76d1fbacfcf3a87a44810 • CWE-787: Out-of-bounds Write •