Main Vulnerability Database Vulnerabilities #VU61878

Use-after-free in Rizin - CVE-2021-4022

Published: April 5, 2022

Vulnerability identifier: #VU61878

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2021-4022

CWE-ID: CWE-416

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Rizin

Software vendor:
Rizin

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing files in the rz_core_analysis_type_match. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://github.com/rizinorg/rizin/issues/2015
https://github.com/rizinorg/rizin/pull/2031
https://github.com/rizinorg/rizin/commit/21584e416cdcef2fa7d855c5aabf592a965f0e8d
https://github.com/rizinorg/rizin/commit/6ce71d8aa3dafe3cdb52d5d72ae8f4b95916f939

Use-after-free in Rizin - CVE-2021-4022

Description

Remediation

External links

Please verify you're human