CVE-2023-40022

Name of the Vulnerable Software and Affected Versions Rizin versions 0.6.0 and prior

Description The issue is related to an integer overflow in the consume count function of src/gnu v2/cplus-dem.c. This overflow occurs because the compiler considers a block of code as unreachable due to a prior multiplication statement, assuming the count will always be a multiple of 10. As a result, the overflow check, although valid, is missing the modulus if the block is compiled.

Recommendations For versions 0.6.0 and prior, update to version 0.6.1 to resolve the issue. As a temporary workaround, consider disabling C++ demangling using the configuration option bin.demangle=false.