MGASA-2025-0005 Updated rizin packages fix security vulnerability

Command injection via RzBinInfo bclass due legacy code. CVE-2022-1207...

CVE-2024-53256

CVE-2024-53256 affects the Rizin project. A command injection flaw exists in rizin.c where an old snippet using rz_core_cmdf to invoke the removed command m can execute, enabling exploitation when a malicious binary defines bclass in RzBinInfo and rclass is set to fs; this can affect any bin form...

CVE-2024-53256 Rizin has a command injection via RzBinInfo bclass due legacy code

Rizin is a UNIX-like reverse engineering framework and command-line toolset. rizin.c still had an old snippet of code which suffered a command injection due the usage of rzcorecmdf to invoke the command m which was removed in v0.1.x. A malicious binary defining bclass part of RzBinInfo is execute...

CVE-2024-53256 Rizin has a command injection via RzBinInfo bclass due legacy code

Rizin is a UNIX-like reverse engineering framework and command-line toolset. rizin.c still had an old snippet of code which suffered a command injection due the usage of rzcorecmdf to invoke the command m which was removed in v0.1.x. A malicious binary defining bclass part of RzBinInfo is execute...

PT-2022-13711 · Radare2 +1 · Radare2 +1

Name of the Vulnerable Software and Affected Versions: radare2 versions prior to 5.6.8 Description: The issue is an out-of-bounds read that allows attackers to read sensitive information from outside the allocated buffer boundary. This can be exploited via command injection through the RzBinInfo...