Skip to content

Heap-based OOB write when parsing dwarf DIE info in Rizin

Moderate
ret2libc published GHSA-hqqp-vjcm-mw8r Dec 13, 2021

Package

rizin (C)

Affected versions

<=0.3.1

Patched versions

None

Description

Impact

There is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions.

Patches

aa69177

Workarounds

We are not aware of any.

References

#2083

For more information

If you have any questions or comments about this advisory email us at [email protected].

Severity

Moderate

CVE ID

CVE-2021-43814

Weaknesses

Credits