Rizin
CVE-2026-22780
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Lifecycle Timeline
3DescriptionGitHub Advisory
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2.
AnalysisAI
Rizin versions up to 0.8.2 is affected by allocation of resources without limits or throttling (CVSS 4.4).
Technical ContextAI
This vulnerability (CWE-770: Allocation of Resources Without Limits or Throttling) affects Rizin. Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2.
RemediationAI
A vendor patch is available — apply it immediately. Fixed in version 0.8.2..
Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). Rated medium se
rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set function in librz/analysis
A vulnerability was found in rizinorg rizin up to 0.7.4. Rated medium severity (CVSS 4.8), this vulnerability is low att
A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. Rated medium severity (CVSS
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulner
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulner
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulner
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulner
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulner
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulner
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulner
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulner
Same technique Heap Overflow
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today