CVE-2022-36043 - OpenCVE

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rz_bin_reloc_storage_free() when freeing relocations generated from qnx binary plugin. A user opening a malicious qnx binary could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number a3d50c1ea185f3f642f2d8180715f82d98840784 contains a patch for this issue.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Rizin	Rizin

Configuration 1 [-]

cpe:2.3:a:rizin:rizin:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/rizinorg/rizin/commit/a3d50c1ea185f3f642f2d8180715f82d98840784	Patch Third Party Advisory
https://github.com/rizinorg/rizin/issues/2964	Third Party Advisory
https://github.com/rizinorg/rizin/security/advisories/GHSA-rjhv-mj4g-j4p5	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N/
https://security.gentoo.org/glsa/202209-06	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-09-06T00:00:00

Updated: 2023-03-30T00:00:00

Reserved: 2022-07-15T00:00:00

Link: CVE-2022-36043

JSON object: View

NVD Information

Status : Modified

Published: 2022-09-06T20:15:08.740

Modified: 2023-11-07T03:49:31.107

Link: CVE-2022-36043

JSON object: View

Redhat Information

No data.

CWE

CWE-415

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-36043", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2023-03-30T00:00:00", "dateReserved": "2022-07-15T00:00:00", "datePublished": "2022-09-06T00:00:00"}, "containers": {"cna": {"title": "Rizin Double Free in bobj.c when using qnx binary plugin", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-03-30T00:00:00"}, "descriptions": [{"lang": "en", "value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rz_bin_reloc_storage_free() when freeing relocations generated from qnx binary plugin. A user opening a malicious qnx binary could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number a3d50c1ea185f3f642f2d8180715f82d98840784 contains a patch for this issue."}], "affected": [{"vendor": "rizinorg", "product": "rizin", "versions": [{"version": "<= 0.4.0", "status": "affected"}]}], "references": [{"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-rjhv-mj4g-j4p5"}, {"url": "https://github.com/rizinorg/rizin/issues/2964"}, {"url": "https://github.com/rizinorg/rizin/commit/a3d50c1ea185f3f642f2d8180715f82d98840784"}, {"name": "GLSA-202209-06", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202209-06"}, {"name": "FEDORA-2023-af305bed3d", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N/"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-415: Double Free", "cweId": "CWE-415"}]}], "source": {"advisory": "GHSA-rjhv-mj4g-j4p5", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rizin:rizin:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E797DF4-7DCA-46AA-9A36-5C0064FE79CA", "versionEndIncluding": "0.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rz_bin_reloc_storage_free() when freeing relocations generated from qnx binary plugin. A user opening a malicious qnx binary could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number a3d50c1ea185f3f642f2d8180715f82d98840784 contains a patch for this issue."}, {"lang": "es", "value": "Rizin es un marco de trabajo de ingenier\u00eda inversa tipo UNIX y un conjunto de herramientas de l\u00ednea de comandos. Las versiones 0.4.0 y anteriores son vulnerables a una doble liberaci\u00f3n en el archivo bobj.c:rz_bin_reloc_storage_free() cuando son liberadas reubicaciones generadas desde el plugin binario qnx. Un usuario que abra un binario qnx malicioso podr\u00eda verse afectado por esta vulnerabilidad, permitiendo a un atacante ejecutar c\u00f3digo en la m\u00e1quina del usuario. El commit n\u00famero a3d50c1ea185f3f642f2d8180715f82d98840784 contiene un parche para este problema.\n"}], "id": "CVE-2022-36043", "lastModified": "2023-11-07T03:49:31.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-09-06T20:15:08.740", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/rizinorg/rizin/commit/a3d50c1ea185f3f642f2d8180715f82d98840784"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/rizinorg/rizin/issues/2964"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-rjhv-mj4g-j4p5"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N/"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202209-06"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Secondary"}]}