CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36042 – Rizin Out-of-bounds Write vulnerability in dyld cache binary plugin
https://notcve.org/view.php?id=CVE-2022-36042
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 556ca2f9eef01ec0f4a76d1fbacfcf3a87a44810 contains a patch. Rizin es un marco de trabajo de ingeniería inversa de tipo UNIX y un conjunto de herramientas de línea de comandos. • https://github.com/rizinorg/rizin/commit/556ca2f9eef01ec0f4a76d1fbacfcf3a87a44810 https://github.com/rizinorg/rizin/security/advisories/GHSA-pf72-jg54-8gvp https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N https://security.gentoo.org/glsa/202209-06 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36043 – Rizin Double Free in bobj.c when using qnx binary plugin
https://notcve.org/view.php?id=CVE-2022-36043
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rz_bin_reloc_storage_free() when freeing relocations generated from qnx binary plugin. A user opening a malicious qnx binary could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number a3d50c1ea185f3f642f2d8180715f82d98840784 contains a patch for this issue. Rizin es un marco de trabajo de ingeniería inversa tipo UNIX y un conjunto de herramientas de línea de comandos. • https://github.com/rizinorg/rizin/commit/a3d50c1ea185f3f642f2d8180715f82d98840784 https://github.com/rizinorg/rizin/issues/2964 https://github.com/rizinorg/rizin/security/advisories/GHSA-rjhv-mj4g-j4p5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N https://security.gentoo.org/glsa/202209-06 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36044 – Rizin Out-of-bounds Write vulnerability in Lua binary plugin
https://notcve.org/view.php?id=CVE-2022-36044
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commits 07b43bc8aa1ffebd9b68d60624c9610cf7e460c7 and 05bbd147caccc60162d6fba9baaaf24befa281cd contain fixes for the issue. Rizin es un framework de ingeniería inversa de tipo UNIX y un conjunto de herramientas de línea de comandos. • https://github.com/rizinorg/rizin/commit/05bbd147caccc60162d6fba9baaaf24befa281cd https://github.com/rizinorg/rizin/commit/07b43bc8aa1ffebd9b68d60624c9610cf7e460c7 https://github.com/rizinorg/rizin/security/advisories/GHSA-mqcj-82c6-gh5q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N https://security.gentoo.org/glsa/202209-06 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36040 – Rizin Out-of-bounds Write vulnerability in pyc/marshal.c
https://notcve.org/view.php?id=CVE-2022-36040
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from PYC(python) files. A user opening a malicious PYC file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 68948017423a12786704e54227b8b2f918c2fd27 contains a patch. Rizin es un marco de trabajo de ingeniería inversa tipo UNIX y un conjunto de herramientas de línea de comandos. • https://github.com/rizinorg/rizin/commit/68948017423a12786704e54227b8b2f918c2fd27 https://github.com/rizinorg/rizin/issues/2963 https://github.com/rizinorg/rizin/security/advisories/GHSA-h897-rhm9-rpmw https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N https://security.gentoo.org/glsa/202209-06 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36041 – Rizin Out-of-bounds Write vulnerability in Mach-O binary plugin
https://notcve.org/view.php?id=CVE-2022-36041
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 7323e64d68ecccfb0ed3ee480f704384c38676b2 contains a patch. Rizin es un marco de trabajo de ingeniería inversa tipo UNIX y un conjunto de herramientas de línea de comandos. • https://github.com/rizinorg/rizin/commit/7323e64d68ecccfb0ed3ee480f704384c38676b2 https://github.com/rizinorg/rizin/issues/2956 https://github.com/rizinorg/rizin/security/advisories/GHSA-2c7m-2f37-mr5m https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N https://security.gentoo.org/glsa/202209-06 • CWE-787: Out-of-bounds Write •