Skip to main content

Rizin CVE-2022-36041

HIGH
Out-of-bounds Write (CWE-787)
2022-09-06 security-advisories@github.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 06, 2022 - 20:15 nvd
HIGH 7.8

DescriptionNVD

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 7323e64d68ecccfb0ed3ee480f704384c38676b2 contains a patch.

AnalysisAI

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 7323e64d68ecccfb0ed3ee480f704384c38676b2 contains a patch. Affected products include: Rizin.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

More in Rizin

View all
CVE-2022-34612 MEDIUM POC
5.5 Jul 27

Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). Rated medium se

CVE-2024-31668 CRITICAL
9.1 Dec 17

rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set function in librz/analysis

CVE-2025-1786 MEDIUM POC
4.8 Mar 01

A vulnerability was found in rizinorg rizin up to 0.7.4. Rated medium severity (CVSS 4.8), this vulnerability is low att

CVE-2025-1788 MEDIUM POC
4.8 Mar 01

A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. Rated medium severity (CVSS

CVE-2023-40022 HIGH
7.8 Aug 24

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulner

CVE-2023-27590 HIGH
7.8 Mar 14

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulner

CVE-2022-36044 HIGH
7.8 Sep 06

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulner

CVE-2022-36043 HIGH
7.8 Sep 06

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulner

CVE-2022-36040 HIGH
7.8 Sep 06

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulner

CVE-2022-36042 HIGH
7.8 Sep 06

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulner

CVE-2022-36039 HIGH
7.8 Sep 06

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulner

CVE-2021-43814 HIGH
7.8 Dec 13

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulner

Share

CVE-2022-36041 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy