Vulnerability Description
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rizin | Rizin | < 0.8.2 |
Related Weaknesses (CWE)
References
- https://github.com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/Patch
- https://github.com/rizinorg/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1b1c98Patch
- https://github.com/rizinorg/rizin/issues/5768Issue Tracking
- https://github.com/rizinorg/rizin/pull/5770Issue Tracking
- https://github.com/rizinorg/rizin/releases/tag/v0.8.2ProductRelease Notes
- https://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjjPatchVendor Advisory
FAQ
What is CVE-2026-22780?
CVE-2026-22780 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained seg...
How severe is CVE-2026-22780?
CVE-2026-22780 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-22780?
Check the references section above for vendor advisories and patch information. Affected products include: Rizin Rizin.