CVE-2021-43814 - OpenCVE

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Rizin	Rizin

Configuration 1 [-]

cpe:2.3:a:rizin:rizin:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406	Patch Third Party Advisory
https://github.com/rizinorg/rizin/issues/2083	Third Party Advisory
https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-12-13T19:35:12

Updated: 2021-12-13T19:35:12

Reserved: 2021-11-16T00:00:00

Link: CVE-2021-43814

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-12-13T20:15:07.640

Modified: 2021-12-22T21:29:35.347

Link: CVE-2021-43814

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "rizin", "vendor": "rizinorg", "versions": [{"status": "affected", "version": "<= 0.3.1"}]}], "descriptions": [{"lang": "en", "value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-13T19:35:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/rizinorg/rizin/issues/2083"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406"}], "source": {"advisory": "GHSA-hqqp-vjcm-mw8r", "discovery": "UNKNOWN"}, "title": "Heap-based OOB write when parsing dwarf DIE info in Rizin", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43814", "STATE": "PUBLIC", "TITLE": "Heap-based OOB write when parsing dwarf DIE info in Rizin"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "rizin", "version": {"version_data": [{"version_value": "<= 0.3.1"}]}}]}, "vendor_name": "rizinorg"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-787: Out-of-bounds Write"}]}]}, "references": {"reference_data": [{"name": "https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r", "refsource": "CONFIRM", "url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r"}, {"name": "https://github.com/rizinorg/rizin/issues/2083", "refsource": "MISC", "url": "https://github.com/rizinorg/rizin/issues/2083"}, {"name": "https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406", "refsource": "MISC", "url": "https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406"}]}, "source": {"advisory": "GHSA-hqqp-vjcm-mw8r", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43814", "datePublished": "2021-12-13T19:35:12", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2021-12-13T19:35:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rizin:rizin:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDF54820-3CA2-49DC-9B65-DF480E8AF596", "versionEndIncluding": "0.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade."}, {"lang": "es", "value": "Rizin es un marco de trabajo de ingenier\u00eda inversa de tipo UNIX y un conjunto de herramientas de l\u00ednea de comandos. En versiones hasta 0.3.1 incluy\u00e9ndola, se presenta una escritura fuera de l\u00edmites en la regi\u00f3n heap de la memoria en la funci\u00f3n parse_die() cuando es invertido un binario ELF AMD64 con informaci\u00f3n de depuraci\u00f3n DWARF. Cuando un usuario v\u00edctima abre un binario ELF AMD64 malicioso, Rizin puede bloquearse o ejecutar acciones no deseadas. No se conocen soluciones y se aconseja a los usuarios que actualicen"}], "id": "CVE-2021-43814", "lastModified": "2021-12-22T21:29:35.347", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-12-13T20:15:07.640", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/rizinorg/rizin/issues/2083"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security-advisories@github.com", "type": "Primary"}]}