ALT-PU-2026-3387-2

Обновление пакета rizin в ветке p11

Версия0.8.2-alt1

Задание#407152

Опубликовано2026-04-25

Макс. серьёзностьMEDIUM

Серьёзность:

Закрытые проблемы (2)

MEDIUM6.1

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2.

Опубликовано: 2026-02-02Изменено: 2026-02-20

CVSS 3.xСРЕДНЯЯ 6.1

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Ссылки

MEDIUM6.2

A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline.

Опубликовано: 2026-04-06Изменено: 2026-04-14

CVSS 3.xСРЕДНЯЯ 6.2

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ссылки