Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-202204-4
HistoryApr 04, 2022 - 12:00 a.m.

[ASA-202204-4] rizin: multiple issues

2022-04-0400:00:00
security.archlinux.org
17

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

31.1%

JSON

Arch Linux Security Advisory ASA-202204-4

Severity: Medium
Date : 2022-04-04
CVE-ID : CVE-2021-4022 CVE-2021-43814
Package : rizin
Type : multiple issues
Remote : No
Link : https://security.archlinux.org/AVG-2590

Summary

The package rizin before version 0.3.2-1 is vulnerable to multiple
issues including arbitrary code execution and denial of service.

Resolution

Upgrade to 0.3.2-1.

pacman -Syu “rizin>=0.3.2-1”

The problems have been fixed upstream in version 0.3.2.

Workaround

None.

Description

  • CVE-2021-4022 (denial of service)

A specially crafted binary can make Rizin segfault when it tries to
analyze it (doing a full analysis with aaa). In
rz_core_analysis_type_match retctx structure was initialized on the
stack only after a “goto out_function”, where a field of that structure
was freed. When the goto path is taken, the field is not properly
initialized and it could cause a crash of Rizin or have other effects.

  • CVE-2021-43814 (arbitrary code execution)

In Rizin versions up to and including 0.3.1 there is a heap-based out
of bounds write in parse_die() when reversing an AMD64 ELF binary with
DWARF debug info. When a malicious AMD64 ELF binary is opened by a
victim user, Rizin may crash or execute unintended actions.

Impact

An attacker is able to provide a malicious AMD64 ELF binary that when
opened by a victim may execute arbitrary code on the affected host.

References

https://github.com/rizinorg/rizin/issues/2015
https://github.com/rizinorg/rizin/pull/2031
https://github.com/rizinorg/rizin/commit/21584e416cdcef2fa7d855c5aabf592a965f0e8d
https://github.com/rizinorg/rizin/commit/6ce71d8aa3dafe3cdb52d5d72ae8f4b95916f939
https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r
https://github.com/rizinorg/rizin/issues/2083
https://github.com/rizinorg/rizin/pull/2086
https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406
https://github.com/rizinorg/rizin/commit/1a63dad027df62c5d65cad480d9ddc6134a5509b
https://security.archlinux.org/CVE-2021-4022
https://security.archlinux.org/CVE-2021-43814

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanyrizin< 0.3.2-1UNKNOWN

Related

prion 2
cve 2
cnvd 1
osv 2
prion
prion
Heap overflow
2021-12-13 20:15:00
Design/Logic Flaw
2022-08-25 18:15:00
cve
cve
CVE-2021-43814
2021-12-13 20:15:00
CVE-2021-4022
2022-08-25 18:15:00
cnvd
cnvd
Rizin buffer overflow vulnerability
2021-12-15 00:00:00
osv
osv
CVE-2021-43814
2021-12-13 20:15:07
CVE-2021-4022
2022-08-25 18:15:09

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

31.1%

JSON
Related for ASA-202204-4
prion2cve2cnvd1osv2