CVE Title
Published Date: 2023-03-14T21:15Z
Modified Date: 2023-03-21T15:00Z
CWE Type: CWE-787
Description: Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands.
Reference URL (MISC): https://github.com/rizinorg/rizin/security/advisories/GHSA-rqcp-m8m2-jcqf
Reference URL (MISC): https://github.com/rizinorg/rizin/pull/3422
Reference URL (MISC): https://github.com/rizinorg/rizin/commit/d6196703d89c84467b600ba2692534579dc25ed4
Reference URL (MISC): https://github.com/rizinorg/rizin/blob/3a7d5116244beb678ad9950bb9dd27d28ed2691f/librz/reg/profile.c#L545
Reference URL (MISC): https://github.com/rizinorg/rizin/blob/3a7d5116244beb678ad9950bb9dd27d28ed2691f/librz/reg/profile.c#L514
Tags: Patch, Vendor Advisory