CVE-2022-36044 — HIGH (7.8)

Q: How severe is CVE-2022-36044?

CVE-2022-36044 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-36044?

Check the references section above for vendor advisories and patch information. Affected products include: Rizin Rizin.

Vulnerability Description

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commits 07b43bc8aa1ffebd9b68d60624c9610cf7e460c7 and 05bbd147caccc60162d6fba9baaaf24befa281cd contain fixes for the issue.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Rizin	Rizin	<= 0.4.0

Related Weaknesses (CWE)

CWE-787

References

https://github.com/rizinorg/rizin/commit/05bbd147caccc60162d6fba9baaaf24befa281cPatchThird Party Advisory
https://github.com/rizinorg/rizin/commit/07b43bc8aa1ffebd9b68d60624c9610cf7e460cPatchThird Party Advisory
https://github.com/rizinorg/rizin/security/advisories/GHSA-mqcj-82c6-gh5qThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/202209-06Third Party Advisory
https://github.com/rizinorg/rizin/commit/05bbd147caccc60162d6fba9baaaf24befa281cPatchThird Party Advisory
https://github.com/rizinorg/rizin/commit/07b43bc8aa1ffebd9b68d60624c9610cf7e460cPatchThird Party Advisory
https://github.com/rizinorg/rizin/security/advisories/GHSA-mqcj-82c6-gh5qThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/202209-06Third Party Advisory

FAQ

What is CVE-2022-36044?

CVE-2022-36044 is a vulnerability with a CVSS score of 7.8 (HIGH). Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malic...

How severe is CVE-2022-36044?

CVE-2022-36044 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-36044?

Check the references section above for vendor advisories and patch information. Affected products include: Rizin Rizin.