VYPR
Unrated severity · NVD Advisory · Published Dec 13, 2021 · Updated Aug 4, 2024

Heap-based OOB write when parsing dwarf DIE info in Rizin

CVE-2021-43814

Description

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1, there is a heap-based out-of-bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workarounds are known, and users are advised to upgrade.

Affected products

  • Rizin/Rizin (2 versions)
    • (no CPE) range: <=0.3.1
    • (no CPE) range: <= 0.3.1
