CVE-2023-30226

MEDIUM

rizin < 0.5.0 - Denial of Service via Crafted ELF File in get_gnu_verneed

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-30226. PoCs published by ifyGecko.

AI-analyzed exploit summary CVE-2023-30226 is a denial-of-service vulnerability in Rizin's ELF parser, where a crafted DT_VERNEEDNUM value causes an infinite loop during parsing. The issue was patched in commit 4564986ef29f8872a95733416ce0a860ac2aa7e5.

Description

An issue was discovered in function get_gnu_verneed in rizinorg Rizin prior to 0.5.0 verneed_entry allows attackers to cause a denial of service via crafted elf file.

Exploits (1)

nomisec WRITEUP
by ifyGecko · poc
https://github.com/ifyGecko/CVE-2023-30226

CVE-2023-30226 is a denial-of-service vulnerability in Rizin's ELF parser, where a crafted DT_VERNEEDNUM value causes an infinite loop during parsing. The issue was patched in commit 4564986ef29f8872a95733416ce0a860ac2aa7e5.

Classification
Writeup 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Rizin (versions prior to v0.5.0)
No auth needed
Prerequisites: A crafted ELF file with a malformed DT_VERNEEDNUM value
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 5.5
EPSS 0.0032
EPSS Percentile 23.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-834
Status published
Products (1)
rizin/rizin < 0.5.0
Published Jul 12, 2023
Tracked Since Feb 18, 2026