What is the CVSS score of EUVD-2026-33424?

EUVD-2026-33424 has a CVSS 3.1 base score of 3.3 (Low). CVSS vector: CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L. EPSS exploitation probability: 0.0%.

Is there a patch available for EUVD-2026-33424?

Yes, a patch is available for EUVD-2026-33424. Update the affected software to the latest version immediately.

Rizin EUVD-2026-33424

| CVE-2026-45324 LOW

Double Free (CWE-415)

2026-05-29 GitHub_M

Information Disclosure Rizin

3.3

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

3.3 LOW

AV:P/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L

Attack Vector

Physical

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

Low

Lifecycle Timeline

Patch available

May 29, 2026 - 21:02 EUVD

Source Code Evidence Fetched

May 29, 2026 - 19:47 vuln.today

Analysis Generated

May 29, 2026 - 19:47 vuln.today

DescriptionGitHub Advisory

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer ownership declared. This vulnerability is fixed by commit 045fff363b42b8a6dda8ad5229c29ec3267e7dbe.

AnalysisAI

Double free memory corruption in Rizin's byte_pattern_search() function (librz/core/cmd/cmd_search.c) arises from incorrect pointer ownership declarations, allowing a low-privileged local attacker with physical access to cause low-integrity and low-availability impacts under high-complexity conditions requiring user interaction. The CVSS score of 3.3 (Low) reflects the extremely constrained attack surface: physical presence, high complexity, and mandatory user interaction all limit practical exploitability. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Gain physical access to target workstation

Delivery

Obtain low-privilege local account

Exploit

Influence binary or search input processed by Rizin

Execution

User initiates byte_pattern_search()

Persist

Double free triggered in cmd_search.c

Impact

Heap metadata corruption causes integrity/availability degradation