[ASA-202204-4] rizin: multiple issues

Arch Linux Security Advisory ASA-202204-4 ========================================= Severity: Medium Date : 2022-04-04 CVE-ID : CVE-2021-4022 CVE-2021-43814 Package : rizin Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-2590 Summary ======= The package rizin before...

CVE-2021-43814

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parsedie when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin ma...

Heap overflow

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parsedie when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin ma...

CVE-2021-43814

CVE-2021-43814 affects Rizin up to version 0.3.1, with a heap-based out-of-bounds write in parse_die() when reversing AMD64 ELF binaries with DWARF info. This can allow a malicious binary to cause a crash or arbitrary actions and potentially code execution. Upstream remediation is available in 0....