Vulnerability Details CVE-2021-43814
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.5%
CVSS Severity
CVSS v3 Score 7.7
CVSS v2 Score 6.8
References
- https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406
- https://github.com/rizinorg/rizin/issues/2083
- https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r
- https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406
- https://github.com/rizinorg/rizin/issues/2083
- https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r
Products affected by CVE-2021-43814
-
cpe:2.3:a:rizin:rizin:-
-
cpe:2.3:a:rizin:rizin:0.1.0
-
cpe:2.3:a:rizin:rizin:0.1.1
-
cpe:2.3:a:rizin:rizin:0.1.2
-
cpe:2.3:a:rizin:rizin:0.2.0
-
cpe:2.3:a:rizin:rizin:0.2.1
-
cpe:2.3:a:rizin:rizin:0.3.0
-
cpe:2.3:a:rizin:rizin:0.3.1