CVE-2021-43814 - Vulnerability Details - OpenCVE

ReportizFlow

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rizin	Rizin

Configuration 1 [-]

cpe:2.3:a:rizin:rizin:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406
https://github.com/rizinorg/rizin/issues/2083
https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-12-13T19:35:12

Updated: 2024-08-04T04:03:09.036Z

Reserved: 2021-11-16T00:00:00

Link: CVE-2021-43814

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-12-13T20:15:07.640

Modified: 2024-11-21T06:29:50.923

Link: CVE-2021-43814

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "rizin", "vendor": "rizinorg", "versions": [{"status": "affected", "version": "<= 0.3.1"}]}], "descriptions": [{"lang": "en", "value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-13T19:35:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/rizinorg/rizin/issues/2083"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406"}], "source": {"advisory": "GHSA-hqqp-vjcm-mw8r", "discovery": "UNKNOWN"}, "title": "Heap-based OOB write when parsing dwarf DIE info in Rizin", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2021-43814", "STATE": "PUBLIC", "TITLE": "Heap-based OOB write when parsing dwarf DIE info in Rizin"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "rizin", "version": {"version_data": [{"version_value": "<= 0.3.1"}]}}]}, "vendor_name": "rizinorg"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-787: Out-of-bounds Write"}]}]}, "references": {"reference_data": [{"name": "https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r", "refsource": "CONFIRM", "url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r"}, {"name": "https://github.com/rizinorg/rizin/issues/2083", "refsource": "MISC", "url": "https://github.com/rizinorg/rizin/issues/2083"}, {"name": "https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406", "refsource": "MISC", "url": "https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406"}]}, "source": {"advisory": "GHSA-hqqp-vjcm-mw8r", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:03:09.036Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/rizinorg/rizin/issues/2083"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43814", "datePublished": "2021-12-13T19:35:12", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-04T04:03:09.036Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rizin:rizin:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDF54820-3CA2-49DC-9B65-DF480E8AF596", "versionEndIncluding": "0.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade."}, {"lang": "es", "value": "Rizin es un marco de trabajo de ingenier\u00eda inversa de tipo UNIX y un conjunto de herramientas de l\u00ednea de comandos. En versiones hasta 0.3.1 incluy\u00e9ndola, se presenta una escritura fuera de l\u00edmites en la regi\u00f3n heap de la memoria en la funci\u00f3n parse_die() cuando es invertido un binario ELF AMD64 con informaci\u00f3n de depuraci\u00f3n DWARF. Cuando un usuario v\u00edctima abre un binario ELF AMD64 malicioso, Rizin puede bloquearse o ejecutar acciones no deseadas. No se conocen soluciones y se aconseja a los usuarios que actualicen"}], "id": "CVE-2021-43814", "lastModified": "2024-11-21T06:29:50.923", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 6.0, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2021-12-13T20:15:07.640", "references": [{"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://github.com/rizinorg/rizin/issues/2083"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/rizinorg/rizin/commit/aa6917772d2f32e5a7daab25a46c72df0b5ea406"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/rizinorg/rizin/issues/2083"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-hqqp-vjcm-mw8r"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "[email protected]", "type": "Secondary"}]}