Rizin is a UNIX-like reverse engineering framework and command-line toolset
The Rizin reverse engineering framework has a double free vulnerability in its byte pattern search function. This occurs due to incorrect pointer ownership, which can cause the program to crash or potentially execute arbitrary code. The vulnerability is relatively low-risk due to the requirement for physical access to the system.
Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer ownership declared. This vulnerability is fixed by commit 045fff363b42b8a6dda8ad5229c29ec3267e7dbe.
Developers and users of the Rizin framework who have physical access to the system are at low risk of crashing the program or potentially executing arbitrary code due to the double free vulnerability.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
What should I do?
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:P/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L
0
Affected Products
2
References
CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L
Exploitability
Impact