7.8

CVE-2022-36044

EPSS 0.16%
Veröffentlicht 06.09.2022 20:15:08
Zuletzt bearbeitet 21.11.2024 07:12:15
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commits 07b43bc8aa1ffebd9b68d60624c9610cf7e460c7 and 05bbd147caccc60162d6fba9baaaf24befa281cd contain fixes for the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rizin ≫ Rizin Version <= 0.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.37

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
security-advisories@github.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N/

https://security.gentoo.org/glsa/202209-06

Third Party Advisory

https://github.com/rizinorg/rizin/commit/05bbd147caccc60162d6fba9baaaf24befa281cd

Patch

Third Party Advisory

https://github.com/rizinorg/rizin/commit/07b43bc8aa1ffebd9b68d60624c9610cf7e460c7

Patch

Third Party Advisory

https://github.com/rizinorg/rizin/security/advisories/GHSA-mqcj-82c6-gh5q

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-36044

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-36044

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-36044

EUVD