Description

Rizin is a UNIX-like reverse engineering framework and command-line toolset. `rizin.c` still had an old snippet of code which suffered a command injection due the usage of `rz_core_cmdf` to invoke the command `m` which was removed in v0.1.x. A malicious binary defining `bclass` (part of RzBinInfo) is executed if `rclass` (part of RzBinInfo) is set to `fs`; the vulnerability can be exploited by any bin format where `bclass` and `rclass` are user defined. This vulnerability is fixed in 0.7.4.

INFO

Published Date :

2024-12-23T15:17:50.587Z

Last Modified :

2024-12-24T01:55:31.439Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-53256 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-53256.

URL Resource
https://github.com/rizinorg/rizin/blob/be24ca8879ed9c58f288bdf21c271b6294720da4/librz/main/rizin.c#L1275-L1278 cve-icon cve-icon
https://github.com/rizinorg/rizin/commit/db6c5b39c065ce719f587c9815c47fbb834b10fa cve-icon cve-icon
https://github.com/rizinorg/rizin/security/advisories/GHSA-5jhc-frm4-p8v9 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact