Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 40: 2025-6f77f6c77a critical: Rizin command injection fix

fedora
Calendar Grey March 1, 2025
Dist Fedora Esm H88
The latest update for Fedora's cutter package addresses various Rizin-related vulnerabilities, notably resolving buffer overflow and command execution risks.
CVE-2023-40022 rizin: Integer Overflow in C++ demangler logic CVE-2024-31669 rizin: Uncontrolled Resource Consumption via bin_pe_parse_imports CVE-2024-31670 rizin: buffer overflow...

Summary

Cutter is a Qt and C++ GUI for Rizin. Its goal is making an advanced,

customizable and FOSS reverse-engineering platform while keeping the user

experience at mind. Cutter is created by reverse engineers for reverse

engineers.

Update Information:

CVE-2023-40022 rizin: Integer Overflow in C++ demangler logic CVE-2024-31669 rizin: Uncontrolled Resource Consumption via bin_pe_parse_imports CVE-2024-31670 rizin: buffer overflow via create_cache_bins CVE-2024-31668 rizin: improper neutralization of special elements via meta_set function CVE-2024-53256 rizin: Rizin has a command injection via RzBinInfo bclass due legacy code rizin 0.7.2 / cutter-re 2.3.4 (fix changelog) rizin 0.7.2 / cutter-re 2.3.4

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora command injection resource consumption resource issue Rizin rizin uncontrolled consumption

Change Log

* Thu Jan 16 2025 Fedora Release Engineering - 2.3.4-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Wed Jan 1 2025 Michal Ambroz - 2.3.4-5 - Rebuild with new version of rizin 0.7.4 * Wed Jul 17 2024 Fedora Release Engineering - 2.3.4-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild

References


[ 1 ] Bug #2333933 - CVE-2024-53256 rizin: Rizin has a command injection via RzBinInfo bclass due legacy code [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2333933 [ 2 ] Bug #2333934 - CVE-2024-53256 rizin: Rizin has a command injection via RzBinInfo bclass due legacy code [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2333934 [ 3 ] Bug #2340020 - cutter-re: FTBFS in Fedora rawhide/f42 https://bugzilla.redhat.com/show_bug.cgi?id=2340020 [ 4 ] Bug #2346253 - Non-responsive maintainer check for ret2libc https://bugzilla.redhat.com/show_bug.cgi?id=2346253

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-6f77f6c77a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: cutter-re
Product: Fedora 40
Version: 2.3.4
Release: 6.fc40
URL: https://cutter.re/
Summary: GUI for Rizin reverse engineering framework

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora command injection resource consumption resource issue Rizin rizin uncontrolled consumption

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here