Rizin vulnerable to Integer Overflow in C++ demangler logic
CVE-2023-40022

7.8 HIGH

Key Information:

Vendor: Rizinorg
Status: Vendor
CVE Published: 24 August 2023

What is CVE-2023-40022?

Rizin, a UNIX-like reverse engineering framework, is affected by an integer overflow vulnerability in the consume_count function of src/gnu_v2/cplus-dem.c. The flaw is logical rather than typographical: the overflow check is sound on paper, but it does not account for the compiler's assumption that the count is always a multiple of 10 (signed integer overflow being undefined behaviour in C, the compiler may reason as if it never occurs), and no modulus operation is included to catch an overflow that has already happened. Rizin versions 0.6.0 and earlier are affected. Rizin has fixed the vulnerability in version 0.6.1. As a temporary workaround, affected users can disable C++ demangling by setting the configuration option bin.demangle=false.
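The following is an added illustration of the bug class, not Rizin's or libiberty's own code: a demangler helper that reads the decimal length prefix of a mangled name (the "3" in "3foo"), first with a post-arithmetic overflow test that the optimizer is entitled to discard, then in a hardened form that bounds the count before the arithmetic can overflow. Function names and sample inputs are constructed for this example.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>

/* Flawed pattern: the count is accumulated in a signed int and overflow is
 * tested only AFTER the multiply. Signed overflow is undefined behaviour in C,
 * so the optimizer may assume it cannot occur and delete the test entirely.
 * Never call this with a prefix that exceeds INT_MAX. */
static int consume_count_flawed(const char **type)
{
    int count = 0;
    if (!isdigit((unsigned char)**type))
        return -1;
    while (isdigit((unsigned char)**type)) {
        count *= 10;                 /* overflow may already have happened */
        count += *(*type)++ - '0';
        if (count < 0)               /* post-hoc check the compiler may drop */
            return -1;
    }
    return count;
}

/* Hardened form: reject the next digit BEFORE the arithmetic can overflow,
 * so every operation stays in defined range and the check cannot be elided. */
static int consume_count_safe(const char **type)
{
    int count = 0;
    if (!isdigit((unsigned char)**type))
        return -1;
    while (isdigit((unsigned char)**type)) {
        int digit = **type - '0';
        if (count > (INT_MAX - digit) / 10) {
            while (isdigit((unsigned char)**type)) /* skip the rest, fail */
                (*type)++;
            return -1;
        }
        count = count * 10 + digit;
        (*type)++;
    }
    return count;
}

int main(void)
{
    const char *ok = "3foo";                       /* constructed sample */
    const char *huge = "99999999999999999999bar";  /* constructed: > INT_MAX */
    int n = consume_count_safe(&ok);
    printf("count=%d rest=%s\n", n, ok);           /* count=3 rest=foo */
    n = consume_count_safe(&huge);
    printf("count=%d rest=%s\n", n, huge);         /* count=-1 rest=bar */
    return 0;
}
```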

Affected Version(s)

rizin < 0.6.1

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
  • Vulnerability reserved
