CVE-2026-22780

EPSS 0%
Veröffentlicht 02.02.2026 23:16:06
Zuletzt bearbeitet 20.02.2026 21:12:28
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rizin ≫ Rizin Version < 0.8.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0%	0.002

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	1.8	4.2	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
security-advisories@github.com	4.4	1.8	2.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://github.com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/librz/bin/format/mach0/mach0_chained_fixups.c#L200

Patch

https://github.com/rizinorg/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1b1c989

Patch

https://github.com/rizinorg/rizin/issues/5768

Issue Tracking

https://github.com/rizinorg/rizin/pull/5770

Issue Tracking

https://github.com/rizinorg/rizin/releases/tag/v0.8.2

Product

Release Notes

https://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjj