Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in rizin. The create_section_from_phdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads, which can lead to memory corruption and possibly code execution through the binary object's callback function.
CVSS Information
N/A
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Vulnerability Title
Rizin 缓冲区错误漏洞
Vulnerability Description
Rizin是Rizin组织的一个免费的开源逆向工程框架。用于分析二进制文件、反汇编代码、调试程序、作为取证工具、作为能够打开磁盘文件的可编写脚本的命令行十六进制编辑器等等。 Rizin 存在安全漏洞,该漏洞源于create_section_from_phdr函数通过处理标头为 ELF 部分数据分配空间。攻击者可利用该漏洞构造标头实现越界读取,并可能通过二进制对象的回调函数执行代码。
CVSS Information
N/A
Vulnerability Type
N/A