PT-2021-6794 · Rizin · Rizin
Octavio Galland +1 · Published 2021-11-16 · Updated 2021-12-23 · CVE-2021-43814
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Rizin versions up to and including 0.3.1
Description
The issue is related to a heap-based out of bounds write in the parse_die() function when reversing an AMD64 ELF binary with DWARF debug info. This can cause Rizin to crash or execute unintended actions when a malicious AMD64 ELF binary is opened.
Recommendations
For versions up to and including 0.3.1, users are advised to upgrade to a newer version to resolve the issue. As a temporary workaround, consider avoiding the use of the parse_die() function when reversing AMD64 ELF binaries with DWARF debug info until a patch is available.
Fix
Memory Corruption
Affected Products
Rizin