Rizin Out-of-bounds Write vulnerability in Lua binary plugin
CVE-2022-36044

7.8HIGH

Key Information:

Vendor: Rizinorg
Status: Rizin
Vendor: CVE Published:; 6 September 2022

What is CVE-2022-36044?

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commits 07b43bc8aa1ffebd9b68d60624c9610cf7e460c7 and 05bbd147caccc60162d6fba9baaaf24befa281cd contain fixes for the issue.

Affected Version(s)

rizin <= 0.4.0

References

https://github.com/rizinorg/rizin/security/advisories/GHS...

https://github.com/rizinorg/rizin/commit/05bbd147caccc601...

https://github.com/rizinorg/rizin/commit/07b43bc8aa1ffebd...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2022
Vulnerability Reserved
Jul 15, 2022

CVE-2022-36044 Data

JSON

Rizinorg

What is CVE-2022-36044?

Affected Version(s)

References

CVSS V3.1

Timeline