CVE-2024-53256

CVSS V2 None CVSS V3 None
Description
Rizin is a UNIX-like reverse engineering framework and command-line toolset. `rizin.c` still had an old snippet of code which suffered a command injection due the usage of `rz_core_cmdf` to invoke the command `m` which was removed in v0.1.x. A malicious binary defining `bclass` (part of RzBinInfo) is executed if `rclass` (part of RzBinInfo) is set to `fs`; the vulnerability can be exploited by any bin format where `bclass` and `rclass` are user defined. This vulnerability is fixed in 0.7.4.
Overview
  • CVE ID
  • CVE-2024-53256
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-12-23T15:17:50.587Z
  • Last Modified Date
  • 2024-12-24T01:55:31.439Z
History
Created Old Value New Value Data Type Notes
2024-12-24 13:18:52 Added to TrackCVE