Double Free Vulnerability in Rizin UNIX-like Reverse Engineering Framework
CVE-2026-45324

3.3 LOW

Key Information:

Vendor: Rizinorg

Status
Vendor
CVE Published: 29 May 2026

What is CVE-2026-45324?

The Rizin UNIX-like reverse engineering framework contains a double free vulnerability caused by an incorrect pointer ownership declaration in the byte_pattern_search function in librz/core/cmd/cmd_search.c. The flaw can lead to memory corruption, which may be exploited to execute arbitrary code or crash the application. Users are advised to update to a version that includes the fix implemented in commit 045fff363b42b8a6dda8ad5229c29ec3267e7dbe.

Affected Version(s)

rizin < 045fff363b42b8a6dda8ad5229c29ec3267e7dbe

CVSS V3.1

Score: 3.3
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Physical
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed
