Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rizin Out-of-bounds Write vulnerability in pyc/marshal.c
Vulnerability Description
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from PYC(python) files. A user opening a malicious PYC file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 68948017423a12786704e54227b8b2f918c2fd27 contains a patch.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
跨界内存写
Vulnerability Title
Rizin 缓冲区错误漏洞
Vulnerability Description
Rizin是Rizin组织的一个免费的开源逆向工程框架。用于分析二进制文件、反汇编代码、调试程序、作为取证工具、作为能够打开磁盘文件的可编写脚本的命令行十六进制编辑器等等。 Rizin 0.4.0 及之前版本存在缓冲区错误漏洞,该漏洞源于从 PYC(python) 文件获取数据时,容易受到越界写入的影响,攻击者利用该漏洞可以在用户的计算机上执行代码。
CVSS Information
N/A
Vulnerability Type
N/A