35 matches found
Rizin 安全漏洞
Rizin is a free open-source reverse-engineering framework developed by the Rizin organization. It is used for analyzing binary files, disassembling code, debugging programs, as a forensics tool, and as a command-line hexadecimal editor capable of opening disk files. Rizin has a security...
CVE-2026-22780 Rizin has a heap overflow on mach0_chained_fixups.c
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2...
EUVD-2022-38814
Malicious code in bioql PyPI...
EUVD-2022-37564
Malicious code in bioql PyPI...
EUVD-2023-34651
Malicious code in bioql PyPI...
EUVD-2021-33925
Malicious code in bioql PyPI...
SUSE CVE-2025-1786
A vulnerability was found in rizinorg rizin up to 0.7.4. It has been rated as critical. This issue affects the function msfstreamdirectoryfree in the library /librz/bin/pdb/pdb.c. The manipulation of the argument -P leads to buffer overflow. Local access is required to approach this attack. The...
CVE-2025-1786
A vulnerability was found in rizinorg rizin up to 0.7.4. It has been rated as critical. This issue affects the function msfstreamdirectoryfree in the library /librz/bin/pdb/pdb.c. The manipulation of the argument -P leads to buffer overflow. Local access is required to approach this attack. The...
CVE-2024-53256
CVE-2024-53256 affects the Rizin project. A command injection flaw exists in rizin.c where an old snippet using rz_core_cmdf to invoke the removed command m can execute, enabling exploitation when a malicious binary defines bclass in RzBinInfo and rclass is set to fs; this can affect any bin form...
CVE-2024-53256 Rizin has a command injection via RzBinInfo bclass due legacy code
Rizin is a UNIX-like reverse engineering framework and command-line toolset. rizin.c still had an old snippet of code which suffered a command injection due the usage of rzcorecmdf to invoke the command m which was removed in v0.1.x. A malicious binary defining bclass part of RzBinInfo is execute...
PT-2024-35695 · Rizin · Rizin
Name of the Vulnerable Software and Affected Versions: Rizin versions prior to 0.7.4 Description: Rizin is a UNIX-like reverse engineering framework and command-line toolset. A code snippet in rizin.c suffered a command injection due to the usage of rz core cmdf to invoke the command m which was...
CVE-2024-31668
rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via metaset function in librz/analysis/meta...
CVE-2024-31668
rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via metaset function in librz/analysis/meta...
CVE-2024-31668
CVE-2024-31668 affects rizin prior to v0.6.3, due to Improper Neutralization of Special Elements via the meta_set function in librz/analysis/meta. The linked documents confirm this is a rizin-related issue and tie it to Fedora advisories referencing rizin updates (e.g., Fedora 40/41 advisories an...
CVE-2024-31668
rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via metaset function in librz/analysis/meta...
CVE-2024-31670
rizin before v0.6.3 is vulnerable to Buffer Overflow via createcachebins, readcacheaccel, and rzdyldcachenewbuf functions in librz/bin/format/mach0/dyldcache.c...
CVE-2024-31670
rizin before v0.6.3 is vulnerable to Buffer Overflow via createcachebins, readcacheaccel, and rzdyldcachenewbuf functions in librz/bin/format/mach0/dyldcache.c...
CVE-2024-31670
rizin before v0.6.3 is vulnerable to Buffer Overflow via createcachebins, readcacheaccel, and rzdyldcachenewbuf functions in librz/bin/format/mach0/dyldcache.c...
CVE-2024-31670
CVE-2024-31670 affects rizin before v0.6.3. The buffer overflow vulnerability is triggered via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf in librz/bin/format/mach0/dyldcache.c, with impact described as low for confidentiality, integrity, and availability per CVSS 3.1 vector. Pu...
CVE-2024-31669
rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via binpeparseimports, Perbinpeparsevar, and estimateslide...