wargio

7 exploits Active since Sep 2022
CVE-2022-36039 WRITEUP HIGH WRITEUP
rizin < 0.4.0 - Out-of-bounds Write in DEX File Parser
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to out-of-bounds write when parsing DEX files. A user opening a malicious DEX file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. A patch is available on the `dev` branch of the repository.
CVSS 7.8
CVE-2022-36040 WRITEUP HIGH WRITEUP
rizin < 0.4.0 - Out-of-bounds Write via PYC File Parsing
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from PYC(python) files. A user opening a malicious PYC file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 68948017423a12786704e54227b8b2f918c2fd27 contains a patch.
CVSS 7.8
CVE-2022-36041 WRITEUP HIGH WRITEUP
rizin < 0.4.0 - Out-of-bounds Write in Mach-O File Parser
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 7323e64d68ecccfb0ed3ee480f704384c38676b2 contains a patch.
CVSS 7.8
CVE-2022-36043 WRITEUP HIGH WRITEUP
rizin < 0.4.0 - Use-After-Free in QNX Binary Relocation Handler
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rz_bin_reloc_storage_free() when freeing relocations generated from qnx binary plugin. A user opening a malicious qnx binary could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number a3d50c1ea185f3f642f2d8180715f82d98840784 contains a patch for this issue.
CVSS 7.8
CVE-2022-36044 WRITEUP HIGH WRITEUP
rizin < 0.4.0 - Out-of-bounds Write via Luac File Parsing
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commits 07b43bc8aa1ffebd9b68d60624c9610cf7e460c7 and 05bbd147caccc60162d6fba9baaaf24befa281cd contain fixes for the issue.
CVSS 7.8
CVE-2024-31669 WRITEUP HIGH WRITEUP
rizin < 0.6.3 - Uncontrolled Resource Consumption in PE Import Parser
rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via bin_pe_parse_imports, Pe_r_bin_pe_parse_var, and estimate_slide.
CVSS 7.5
CVE-2024-31670 WRITEUP MEDIUM WRITEUP
rizin < 0.6.3 - Buffer Overflow in dyldcache.c
rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c.
CVSS 6.3