CVE-2021-4022 - log back

CVE-2021-4022 edited at 04 Apr 2022 22:03:10
Description
- A specially crafted binary can make Rizin segfault when it tries to analyze it (doing a full analysis with aaa).
+ A specially crafted binary can make Rizin segfault when it tries to analyze it (doing a full analysis with aaa). In rz_core_analysis_type_match retctx structure was initialized on the stack only after a "goto out_function", where a field of that structure was freed. When the goto path is taken, the field is not properly initialized and it could cause a crash of Rizin or have other effects.
CVE-2021-4022 edited at 04 Apr 2022 21:39:58
Remote
- Remote
+ Local
CVE-2021-4022 edited at 04 Apr 2022 21:36:39
References
https://github.com/rizinorg/rizin/issues/2015
https://github.com/rizinorg/rizin/pull/2031
https://github.com/rizinorg/rizin/commit/21584e416cdcef2fa7d855c5aabf592a965f0e8d
+ https://github.com/rizinorg/rizin/commit/6ce71d8aa3dafe3cdb52d5d72ae8f4b95916f939
CVE-2021-4022 edited at 13 Dec 2021 21:15:12
Description
- A specially crafted binary can make rizin segfault when it tries to analyze it (doing a full analysis with aaa).
+ A specially crafted binary can make Rizin segfault when it tries to analyze it (doing a full analysis with aaa).
CVE-2021-4022 edited at 27 Nov 2021 12:59:54
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A specially crafted binary can make rizin segfault when it tries to analyze it (doing a full analysis with aaa).
References
+ https://github.com/rizinorg/rizin/issues/2015
+ https://github.com/rizinorg/rizin/pull/2031
+ https://github.com/rizinorg/rizin/commit/21584e416cdcef2fa7d855c5aabf592a965f0e8d
Notes
CVE-2021-4022 created at 27 Nov 2021 12:58:46