Vulnerabilities > CVE-2021-4022 - Use After Free vulnerability in Rizin

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

rizin

CWE-416

NVD

Published: 2022-08-25

Updated: 2022-12-21

Summary

A vulnerability was found in rizin. The bug involves an ELF64 binary for the HPPA architecture. When a specially crafted binarygets analysed by rizin, it causes rizin to crash by freeing an uninitialized (and potentially user controlled, depending on the build) memory address.

Vulnerable Configurations

Part	Description	Count
Application	Rizin Rizin Rizin - Rizin Rizin 0.1.0 Rizin Rizin 0.1.1 Rizin Rizin 0.1.2 Rizin Rizin 0.2.0 Rizin Rizin 0.2.1 Rizin Rizin 0.3.0 Rizin Rizin 0.3.1	8

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://github.com/rizinorg/rizin/issues/2015