Lucene search

16 matches found

CVE
added 2023/03/14 9:15 p.m., 60 views

CVE-2023-27590

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the name, type, or groups fields have longer values than expected. Users op...

CVSS 7.8, AI score 7.8, EPSS 0.00031

CVE
added 2022/09/06 8:15 p.m., 56 views

CVE-2022-36040

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from PYC (Python) files. A user opening a malicious PYC file could be affected by this vulnerability, allowing an attacker to execute code ...

CVSS 7.8, AI score 7.6, EPSS 0.00065

CVE
added 2022/09/06 8:15 p.m., 55 views

CVE-2022-36044

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on the...

CVSS 7.8, AI score 7.6, EPSS 0.00142

CVE
added 2022/09/06 8:15 p.m., 52 views

CVE-2022-36041

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the user'...

CVSS 7.8, AI score 7.6, EPSS 0.00169

CVE
added 2022/09/06 7:15 p.m., 52 views

CVE-2022-36042

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to execute...

CVSS 7.8, AI score 7.6, EPSS 0.00148

CVE
added 2022/09/06 8:15 p.m., 52 views

CVE-2022-36043

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rz_bin_reloc_storage_free() when freeing relocations generated from qnx binary plugin. A user opening a malicious qnx binary could be affected by this vuln...

CVSS 7.8, AI score 7.6, EPSS 0.00148

CVE
added 2023/08/24 11:15 p.m., 47 views

CVE-2023-40022

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consume_count of src/gnu_v2/cplus-dem.c. The overflow check is valid logic but is missing the modulus if the block once compiled. The compiler sees this block...

CVSS 7.8, AI score 7.8, EPSS 0.00073

CVE
added 2024/12/17 10:15 p.m., 47 views

CVE-2024-31668

rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set function in librz/analysis/meta.

CVSS 9.1, AI score 6.6, EPSS 0.00075

CVE
added 2022/07/27 2:15 a.m., 45 views

CVE-2022-34612

Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary.

CVSS 5.5, AI score 6.1, EPSS 0.00026

CVE
added 2022/08/25 6:15 p.m., 41 views

CVE-2021-4022

A vulnerability was found in rizin. The bug involves an ELF64 binary for the HPPA architecture. When a specially crafted binary gets analysed by rizin, it causes rizin to crash by freeing an uninitialized (and potentially user controlled, depending on the build) memory address.

CVSS 5.5, AI score 5.9, EPSS 0.00023

CVE
added 2024/12/02 3:15 p.m., 40 views

CVE-2024-31669

rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via bin_pe_parse_imports, Pe_r_bin_pe_parse_var, and estimate_slide.

CVSS 7.5, AI score 7, EPSS 0.00106

CVE
added 2024/12/12 6:15 p.m., 37 views

CVE-2024-31670

rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c.

CVSS 6.3, AI score 7, EPSS 0.00095

CVE
added 2022/09/06 7:15 p.m., 35 views

CVE-2022-36039

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to out-of-bounds write when parsing DEX files. A user opening a malicious DEX file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine...

CVSS 7.8, AI score 7.7, EPSS 0.00359

CVE
added 2023/03/24 8:15 p.m., 33 views

CVE-2021-3674

A flaw was found in rizin. The create_section_from_phdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads, which can lead to memory corruption and possibly code execution through the binary object's callback function...

CVSS 7.8, AI score 8, EPSS 0.00079

CVE
added 2021/12/13 8:15 p.m., 33 views

CVE-2021-43814

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin m...

CVSS 7.8, AI score 7.7, EPSS 0.00333

CVE
added 2023/07/12 2:15 a.m., 26 views

CVE-2023-30226

An issue was discovered in the function get_gnu_verneed in rizinorg Rizin prior to 0.5.0: verneed_entry allows attackers to cause a denial of service via a crafted ELF file.

CVSS 5.5, AI score 5.3, EPSS 0.00044