Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Fedora 41: FEDORA-2025-1290a47fff critical: Rizin Overflow Issues

fedora
Calendar Grey March 1, 2025
Dist Fedora Esm H88
Recent security patches for Fedora 41 focus on significant vulnerabilities such as heap corruption and stack smashing issues.
CVE-2023-40022 rizin: Integer Overflow in C++ demangler logic CVE-2024-31669 rizin: Uncontrolled Resource Consumption via bin_pe_parse_imports CVE-2024-31670 rizin: buffer overflow...

Summary

Rizin is a free and open-source Reverse Engineering framework, providing a

complete binary analysis experience with features like Disassembler,

Hexadecimal editor, Emulation, Binary inspection, Debugger, and more.

Rizin is a fork of radare2 with a focus on usability, working features and code

cleanliness.

Update Information:

CVE-2023-40022 rizin: Integer Overflow in C++ demangler logic CVE-2024-31669 rizin: Uncontrolled Resource Consumption via bin_pe_parse_imports CVE-2024-31670 rizin: buffer overflow via create_cache_bins CVE-2024-31668 rizin: improper neutralization of special elements via meta_set function CVE-2024-53256 rizin: Rizin has a command injection via RzBinInfo bclass due legacy code

Topics%20covered

Topics Covered

security advisory fedora buffer overflow critical Fedora integer overflow command injection rizin

Change Log

* Wed Feb 19 2025 Peter Oliver - 0.7.4-5 - Rebuild against tree-sitter-0.25.2-3.fc43 * Mon Feb 3 2025 Peter Oliver - 0.7.4-4 - Rebuild against tree-sitter-0.25.1-6.fc42 * Sat Jan 18 2025 Fedora Release Engineering - 0.7.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Tue Dec 31 2024 Michal Ambroz - 0.7.4-2 - bump to version 0.7.4

References


[ 1 ] Bug #2333933 - CVE-2024-53256 rizin: Rizin has a command injection via RzBinInfo bclass due legacy code [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2333933 [ 2 ] Bug #2333934 - CVE-2024-53256 rizin: Rizin has a command injection via RzBinInfo bclass due legacy code [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2333934 [ 3 ] Bug #2340020 - cutter-re: FTBFS in Fedora rawhide/f42 https://bugzilla.redhat.com/show_bug.cgi?id=2340020 [ 4 ] Bug #2346253 - Non-responsive maintainer check for ret2libc https://bugzilla.redhat.com/show_bug.cgi?id=2346253

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-1290a47fff' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: rizin
Product: Fedora 41
Version: 0.7.4
Release: 5.fc41
URL: https://rizin.re/
Summary: UNIX-like reverse engineering framework and command-line tool-set

Topics%20covered

Topics Covered

security advisory fedora buffer overflow critical Fedora integer overflow command injection rizin

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here