Skip to main content

rz-libdemangle EUVDEUVD-2026-44968

| CVE-2026-45612 MEDIUM
Out-of-bounds Read (CWE-125)
2026-07-16 GitHub_M
5.5
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
vuln.today AI
5.5 MEDIUM

Local file processing triggers the bug (AV:L); user must open crafted binary (UI:R); OOB read discloses memory (C:H) with no write or confirmed crash path (I:N/A:N).

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Patch available
Jul 16, 2026 - 18:18 EUVD
Source Code Evidence Fetched
Jul 16, 2026 - 17:16 vuln.today
Analysis Generated
Jul 16, 2026 - 17:16 vuln.today

DescriptionCVE.org

rz-libdemangle is a Rizin library for demangling symbols. Prior to 6bf56d3, the Rust demangler in src/rust/rust_v0.c can perform an out-of-bounds read when the demangler structure is not yet initialized. This issue is fixed in commit 6bf56d3.

AnalysisAI

Out-of-bounds read in rz-libdemangle's Rust v0 demangler leaks process memory when a caller invokes the demangling routine before the internal rust_v0_t structure is properly initialized. All builds of the library prior to commit 6bf56d3 are affected, putting security analysts and reverse engineers who process untrusted Rust binaries through the Rizin framework at risk of memory disclosure. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft Rust binary with malformed v0-mangled symbols
Delivery
Deliver binary to analyst via phishing or adversarial sample
Exploit
Analyst opens binary in Rizin
Execution
Rust v0 demangler invoked with uninitialized structure
Persist
Out-of-bounds read leaks process heap or stack memory
Impact
Attacker recovers disclosed memory from output or side-channel

Vulnerability AssessmentAI

Exploitation Exploitation requires a user to actively open or process a crafted binary containing malformed Rust symbols using Rizin or any application that links rz-libdemangle - the CVSS UI:R metric confirms this mandatory user interaction. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 5.5 Medium (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) accurately reflects the constrained threat model: exploitation requires local execution of Rizin against a malicious file, with mandatory user interaction, but no privileges and low complexity once the analyst opens the file. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a Rust binary containing symbol names specifically constructed to invoke the v0 demangling code path before the rust_v0_t structure is initialized, then distributes it via a malware sample repository, phishing payload, or compromised package. When a security researcher opens the binary in Rizin for analysis, the demangler reads beyond valid memory boundaries, potentially disclosing memory contents from the analyst's process. …
Remediation Upstream fix is available via commit 6bf56d3b32547ae4cb069ccfc2d2b6c7b63a4cb (PR #83: https://github.com/rizinorg/rz-libdemangle/pull/83); a released patched version with a version tag is not independently confirmed from available data, so users should verify their build incorporates this commit or later by checking git history. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-44968 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy