Description
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| rizinorg | rizin | affected |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2021-30699 | Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade. |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-04T04:03:09.036Z
Reserved: 2021-11-16T00:00:00.000Z
Link: CVE-2021-43814
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-12-13T20:15:07.640
Modified: 2024-11-21T06:29:50.923
Link: CVE-2021-43814
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses