CVE-2022-36039

Name of the Vulnerable Software and Affected Versions Rizin versions 0.4.0 and prior

Description The issue affects a UNIX-like reverse engineering framework and command-line toolset, allowing an attacker to execute code on a user's machine when a malicious DEX file is opened. This is due to an out-of-bounds write when parsing DEX files.

Recommendations For versions 0.4.0 and prior, update to a patched version available on the dev branch of the repository to resolve the issue. As a temporary workaround, consider avoiding the use of the DEX file parsing functionality until the patch is applied.