Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands.
References
Configurations
History
12 Jul 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-120 CWE-121 |
Information
Published : 2023-03-14 21:15
Updated : 2024-02-28 19:51
NVD link : CVE-2023-27590
Mitre link : CVE-2023-27590
CVE.ORG link : CVE-2023-27590
JSON object : View
Products Affected
rizin
- rizin