PT-2022-23138 · Rizin · Rizin
M4Drat · Published 2022-09-06 · Updated 2023-03-30 · CVE-2022-36043
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Rizin versions 0.4.0 and prior
Description
The issue is a double free in bobj.c:rz_bin_reloc_storage_free(), triggered when freeing relocations generated by the qnx binary plugin. An attacker who gets a user to open a malicious qnx binary could execute code on the user's machine.
Recommendations
For versions 0.4.0 and prior, apply the patch contained in commit a3d50c1ea185f3f642f2d8180715f82d98840784 to resolve the issue. As a temporary workaround, avoid using the qnx binary plugin until the patch is applied.
Exploit
Fix
Double Free
Weakness Enumeration
Related Identifiers
Affected Products
Rizin