CVE-2021-43814 HIGH

CVE-2021-43814: Heap-based OOB write when parsing dwarf DIE info in Rizin

Vendor Rizinorg
Product rizin
Weakness CWE-787
Published December 13, 2021
Last update August 4, 2024

CVSS base score

7.7/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade.

Key dates

02Disclosure timeline

December 13, 2021 CVE published
August 4, 2024 Record updated