Unrated severityNVD Advisory· Published Dec 13, 2021· Updated Aug 4, 2024
Heap-based OOB write when parsing dwarf DIE info in Rizin
CVE-2021-43814
Description
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406mitrex_refsource_MISC
- github.com/rizinorg/rizin/issues/2083mitrex_refsource_MISC
- github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8rmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.