Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Published
Filter by:
With package: rizin

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-22780
4.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 1 month, 3 weeks ago by @jopejoe1 Activity log
  • Created automatic suggestion 1 month, 3 weeks ago
  • @jopejoe1 removed
    2 packages
    • rizinPlugins.sigdb
    • cutterPlugins.sigdb
    1 month, 3 weeks ago
  • @jopejoe1 accepted 1 month, 3 weeks ago
  • @jopejoe1 removed maintainer @chayleaf 1 month, 3 weeks ago
  • @jopejoe1 published on GitHub 1 month, 3 weeks ago
Rizin has a heap overflow on mach0_chained_fixups.c

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2.

References

Affected products

rizin
  • ==< 0.8.2

Matching in nixpkgs

pkgs.rizin

UNIX-like reverse engineering framework and command-line toolset

Package maintainers

Upstream fix: https://github.com/rizinorg/rizin/releases/tag/v0.8.2
Upstream advisory: https://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjj
Unstable fix: https://github.com/NixOS/nixpkgs/pull/486103