3.3
CVE-2026-45324
- EPSS 0.1%
- Published 29.05.2026 19:08:39
- Last modified 29.05.2026 20:21:38
- Source security-advisories@github.com
Rizin: Double free in cmd_search.c
Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due to wrongly declared pointer ownership. This vulnerability is fixed by commit 045fff363b42b8a6dda8ad5229c29ec3267e7dbe.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
- Vendor: rizinorg
- Product: rizin
- Version: < 045fff363b42b8a6dda8ad5229c29ec3267e7dbe
- Status: affected
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.011 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 3.3 | 0.3 | 2.7 | CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L |
CWE-415 Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
https://github.com/rizinorg/rizin/security/advisories/GHSA-2377-chx7-xf7c
https://github.com/rizinorg/rizin/commit/045fff363b42b8a6dda8ad5229c29ec3267e7dbe