2 matches found
CVE-2023-40022
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consumecount of src/gnuv2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block...
CVE-2023-40022
CVE-2023-40022 affects Rizin (and Cutter) with an integer overflow in consume_count inside src/gnu_v2/cplus-dem.c for versions 0.6.0 and earlier. The overflow hinges on missing modulus after a multiplication by 10, which the compiler treats as dead code, enabling the overflow. A fix was introduce...