Description
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to an integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is logically valid, but the modulus test is missing once the block is compiled: because the preceding statement multiplies the count by 10, the compiler does not account for signed overflow, assumes the count is always a multiple of 10, and treats the check as unreachable code. Rizin version 0.6.1 contains a fix for the issue. A temporary workaround is to disable C++ demangling with the configuration option `bin.demangle=false`.
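The pattern the description refers to, next to a check that does not depend on undefined behaviour, as an added example that is not the project's code (`consume_count_flawed` is reconstructed from the description above; `consume_count_safe` is an assumed hardening, not the vendor's patch):

```c
#include <ctype.h>
#include <limits.h>

/* Flawed pattern (reconstructed from the advisory text, not the project's
 * code verbatim): `count *= 10` can overflow a signed int, which is undefined
 * behaviour, so the optimizer is entitled to assume it never happens. Under
 * that assumption `count % 10` is always 0 and the branch is dead code. */
static int consume_count_flawed(const char **type)
{
    int count = 0;
    if (!isdigit((unsigned char)**type))
        return -1;
    while (isdigit((unsigned char)**type)) {
        count *= 10;                              /* UB on overflow */
        if ((count % 10) != 0 ||                  /* may be optimized away */
            (count + (**type - '0')) < count)     /* also relies on wraparound */
            return -1;
        count += **type - '0';
        (*type)++;
    }
    return count;
}

/* Hardened version (assumed, not the vendor's patch): decide whether
 * count * 10 + digit would exceed INT_MAX before doing the arithmetic, so
 * no signed overflow ever happens and the check cannot be removed. */
static int consume_count_safe(const char **type)
{
    int count = 0;
    if (!isdigit((unsigned char)**type))
        return -1;
    while (isdigit((unsigned char)**type)) {
        int digit = **type - '0';
        if (count > (INT_MAX - digit) / 10) {
            /* Consume the rest of the digit run so the caller can resync. */
            while (isdigit((unsigned char)**type))
                (*type)++;
            return -1;
        }
        count = count * 10 + digit;
        (*type)++;
    }
    return count;
}
```

Building the flawed variant with `-fsanitize=undefined` makes the signed overflow visible at runtime, which is the quickest way to confirm the optimizer is allowed to drop the check.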
References (5)
Patch, Vendor Advisory (x_refsource_confirm): https://github.com/rizinorg/rizin/security/advisories/GHSA-92h6-wwc2-53cq
Patch (x_refsource_misc): https://github.com/rizinorg/rizin/pull/3753
Patch (x_refsource_misc): https://github.com/rizinorg/rz-libdemangle/pull/54
Patch (x_refsource_misc): https://github.com/rizinorg/rz-libdemangle/commit/51d016750e704b27ab8ace23c0f72acabca67018
Product (x_refsource_misc): https://github.com/rizinorg/rz-libdemangle/blob/main/src/gnu_v2/cplus-dem.c#L419
Scores
CVSS v3: 7.8
EPSS: 0.0008
EPSS Percentile: 23.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-190
Status: published
Products (1)
rizin/rizin < 0.6.1
Published: Aug 24, 2023
Tracked Since: Feb 18, 2026