CVE-2023-27590

CVSS V2 None CVSS V3 None
Description
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands.
Overview
  • CVE ID
  • CVE-2023-27590
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-03-14T21:15:10
  • Last Modified Date
  • 2023-03-21T15:00:44
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:rizin:rizin:*:*:*:*:*:*:*:* 1 OR 0.5.1
History
Created Old Value New Value Data Type Notes
2023-04-17 06:29:25 Added to TrackCVE
2023-04-17 06:29:27 Weakness Enumeration new