CVE-2022-34612

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary.

Se ha detectado que Rizin versiones v0.4.0 y anteriores, contienen un desbordamiento de enteros por medio de la función get_long_object(). Esta vulnerabilidad permite a atacantes causar una denegación de servicio (DoS) por medio de un binario diseñado

*Credits: N/A

CVSS Scores

NISTv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-06-26 CVE Reserved
2022-07-27 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2024-10-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-190: Integer Overflow or Wraparound

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC
https://github.com/rizinorg/rizin/issues/2738	2024-08-03

URL	Date	SRC
https://github.com/rizinorg/rizin/pull/2739	2023-11-07

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N	2023-11-07
https://security.gentoo.org/glsa/202209-06	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Rizin Search vendor "Rizin"		Rizin Search vendor "Rizin" for product "Rizin"				<= 0.4.0 Search vendor "Rizin" for product "Rizin" and version " <= 0.4.0"		-		Affected