Vulnerabilities > CVE-2023-30226 - Excessive Iteration vulnerability in Rizin

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

rizin

CWE-834

NVD

Published: 2023-07-12

Updated: 2023-07-18

Summary

An issue was discovered in function get_gnu_verneed in rizinorg Rizin prior to 0.5.0 verneed_entry allows attackers to cause a denial of service via crafted elf file.

Vulnerable Configurations

Part	Description	Count
Application	Rizin Rizin Rizin - Rizin Rizin 0.1.0 Rizin Rizin 0.1.1 Rizin Rizin 0.1.2 Rizin Rizin 0.2.0 Rizin Rizin 0.2.1 Rizin Rizin 0.3.0 Rizin Rizin 0.3.1 Rizin Rizin 0.3.2 Rizin Rizin 0.3.3 Rizin Rizin 0.3.4 Rizin Rizin 0.4.0 Rizin Rizin 0.4.1	13

Common Weakness Enumeration (CWE)

CWE-834 - Excessive Iteration

References

https://github.com/rizinorg/rizin/commit/a6d89de0d44e776f9bccc3a168fdc79f604e14ed
https://github.com/ifyGecko/CVE-2023-30226