CVE-2023-40022 – Rizin vulnerable to Integer Overflow in C++ demangler logic
https://notcve.org/view.php?id=CVE-2023-40022
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is valid logic, but the check is missing from the block once it is compiled. The compiler treats this block as unreachable code since the prior statement is a multiplication by 10 and, assuming the count will always be a multiple of 10, fails to consider overflow. Rizin version 0.6.1 contains a fix for the issue. • https://github.com/rizinorg/rizin/pull/3753 https://github.com/rizinorg/rizin/security/advisories/GHSA-92h6-wwc2-53cq https://github.com/rizinorg/rz-libdemangle/blob/main/src/gnu_v2/cplus-dem.c#L419 https://github.com/rizinorg/rz-libdemangle/commit/51d016750e704b27ab8ace23c0f72acabca67018 https://github.com/rizinorg/rz-libdemangle/pull/54 • CWE-190: Integer Overflow or Wraparound •
CVE-2023-30226
https://notcve.org/view.php?id=CVE-2023-30226
An issue was discovered in the function get_gnu_verneed in rizinorg Rizin prior to 0.5.0: verneed_entry allows attackers to cause a denial of service via a crafted ELF file. • https://github.com/ifyGecko/CVE-2023-30226 https://github.com/rizinorg/rizin/commit/a6d89de0d44e776f9bccc3a168fdc79f604e14ed • CWE-834: Excessive Iteration •
CVE-2021-3674
https://notcve.org/view.php?id=CVE-2021-3674
A flaw was found in Rizin. The create_section_from_phdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out-of-bounds reads, which can lead to memory corruption and possibly code execution through the binary object's callback function. • https://gist.github.com/netspooky/61101e191afee95feda7dbd2f6b061c4 https://github.com/rizinorg/rizin/pull/1313 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2023-27590 – Rizin has stack-based buffer overflow when parsing GDB registers profile files
https://notcve.org/view.php?id=CVE-2023-27590
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands. • https://github.com/rizinorg/rizin/blob/3a7d5116244beb678ad9950bb9dd27d28ed2691f/librz/reg/profile.c#L514 https://github.com/rizinorg/rizin/blob/3a7d5116244beb678ad9950bb9dd27d28ed2691f/librz/reg/profile.c#L545 https://github.com/rizinorg/rizin/commit/d6196703d89c84467b600ba2692534579dc25ed4 https://github.com/rizinorg/rizin/pull/3422 https://github.com/rizinorg/rizin/security/advisories/GHSA-rqcp-m8m2-jcqf https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW3JXI4TIJIR7PGFP74SN7GQYHW2F46Y • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-36039 – Out-of-bounds write when parsing DEX files in Rizin
https://notcve.org/view.php?id=CVE-2022-36039
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing DEX files. A user opening a malicious DEX file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. A patch is available on the `dev` branch of the repository. • https://github.com/rizinorg/rizin/commit/1524f85211445e41506f98180f8f69f7bf115406 https://github.com/rizinorg/rizin/issues/2969 https://github.com/rizinorg/rizin/security/advisories/GHSA-pr85-hv85-45pg https://security.gentoo.org/glsa/202209-06 • CWE-787: Out-of-bounds Write •