PT-2025-9172 · Rizin · Rizin

Ekkosun

Published

2025-03-01

Updated

2025-03-03

CVE-2025-1786

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions rizinorg rizin versions 0.7.4 and earlier

Description A critical issue affects the function msf stream directory free in the library /librz/bin/pdb/pdb.c. The manipulation of the argument -P leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Recommendations To address this issue, upgrade to version 0.8.0. As a temporary workaround, consider restricting access to the msf stream directory free function until a patch is available. Avoid using the argument -P in the affected library until the issue is resolved.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-120

Related Identifiers

CVE-2025-1786

Affected Products

Rizin

PT-2025-9172 · Rizin · Rizin

CVE-2025-1786

Weakness Enumeration

Related Identifiers

Affected Products

References · 14