CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-27590

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.0%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2023-27590

Rizin » Rizin » Version: N/A

cpe:2.3:a:rizin:rizin:-
Rizin » Rizin » Version: 0.1.0

cpe:2.3:a:rizin:rizin:0.1.0
Rizin » Rizin » Version: 0.1.1

cpe:2.3:a:rizin:rizin:0.1.1
Rizin » Rizin » Version: 0.1.2

cpe:2.3:a:rizin:rizin:0.1.2
Rizin » Rizin » Version: 0.2.0

cpe:2.3:a:rizin:rizin:0.2.0
Rizin » Rizin » Version: 0.2.1

cpe:2.3:a:rizin:rizin:0.2.1
Rizin » Rizin » Version: 0.3.0

cpe:2.3:a:rizin:rizin:0.3.0
Rizin » Rizin » Version: 0.3.1

cpe:2.3:a:rizin:rizin:0.3.1
Rizin » Rizin » Version: 0.3.2

cpe:2.3:a:rizin:rizin:0.3.2
Rizin » Rizin » Version: 0.3.3

cpe:2.3:a:rizin:rizin:0.3.3
Rizin » Rizin » Version: 0.3.4

cpe:2.3:a:rizin:rizin:0.3.4
Rizin » Rizin » Version: 0.4.0

cpe:2.3:a:rizin:rizin:0.4.0
Rizin » Rizin » Version: 0.4.1

cpe:2.3:a:rizin:rizin:0.4.1
Rizin » Rizin » Version: 0.5.0

cpe:2.3:a:rizin:rizin:0.5.0
Rizin » Rizin » Version: 0.5.1

cpe:2.3:a:rizin:rizin:0.5.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-27590

Products

Pricing

Contact Us