Skip to main content

Rizin CVE-2026-45613

| EUVD-2026-33423 LOW
Out-of-bounds Read (CWE-125)
2026-05-29 GitHub_M
Information Disclosure Buffer Overflow Rizin
3.3
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
3.3 LOW
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
May 29, 2026 - 19:47 vuln.today
Analysis Generated
May 29, 2026 - 19:47 vuln.today

DescriptionGitHub Advisory

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47.

AnalysisAI

Heap out-of-bounds read in Rizin's OMF binary parser exposes heap memory contents when a user opens a maliciously crafted Object Module Format file. An off-by-one bounds check error in the rz_bin_omf_get_entry function within librz/bin/format/omf/omf.c allows array access one element past the end of the allocated sections array, resulting in limited confidentiality impact (heap data disclosure). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft OMF binary with oversized seg_idx
Delivery
Deliver file to Rizin analyst
Exploit
Analyst opens file for reverse engineering
Execution
rz_bin_omf_get_entry executes bounds check
Persist
Off-by-one passes, sections array overread occurs
Impact
Heap pointer or adjacent bytes disclosed
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The victim must explicitly open a crafted OMF (Object Module Format) binary file using Rizin, specifically triggering the `rz_bin_omf_get_entry` code path during binary parsing. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.3 score is well-calibrated and reflects genuinely low real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts an OMF object file containing a symbol entry whose `seg_idx` value equals `nb_section + 1`, causing the original off-by-one bounds check to pass and triggering a read of the heap pointer immediately past the sections array. When a reverse engineer loads this file into Rizin for analysis - for example, while triaging a suspicious legacy binary - the parser reads out-of-bounds heap data, potentially leaking a pointer or adjacent allocation contents. …
Remediation The upstream fix is available via commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47 (https://github.com/rizinorg/rizin/commit/e6d0937c8a083e23ed76ccfb9f631cdc50c7af47); users should update to the Rizin release that includes this commit once a tagged version is published - the exact patched release version is not confirmed from available data, so monitor the GitHub advisory at https://github.com/rizinorg/rizin/security/advisories/GHSA-wprr-wrcw-mw6v for release details. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-45613 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy