---

CVE-2021-4022 - log back

CVE-2021-4022 edited at 04 Apr 2022 22:03:10

Description

- A specially crafted binary can make Rizin segfault when it tries to analyze it (doing a full analysis with aaa). + A specially crafted binary can make Rizin segfault when it tries to analyze it (doing a full analysis with aaa). In rz_core_analysis_type_match retctx structure was initialized on the stack only after a "goto out_function", where a field of that structure was freed. When the goto path is taken, the field is not properly initialized and it could cause a crash of Rizin or have other effects.

CVE-2021-4022 edited at 04 Apr 2022 21:39:58
Remote	- Remote + Local

CVE-2021-4022 edited at 04 Apr 2022 21:36:39
References	https://github.com/rizinorg/rizin/issues/2015 https://github.com/rizinorg/rizin/pull/2031 https://github.com/rizinorg/rizin/commit/21584e416cdcef2fa7d855c5aabf592a965f0e8d + https://github.com/rizinorg/rizin/commit/6ce71d8aa3dafe3cdb52d5d72ae8f4b95916f939

CVE-2021-4022 edited at 13 Dec 2021 21:15:12
Description	- A specially crafted binary can make rizin segfault when it tries to analyze it (doing a full analysis with aaa). + A specially crafted binary can make Rizin segfault when it tries to analyze it (doing a full analysis with aaa).

CVE-2021-4022 edited at 27 Nov 2021 12:59:54
Severity	- Unknown + Low
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ A specially crafted binary can make rizin segfault when it tries to analyze it (doing a full analysis with aaa).
References	+ https://github.com/rizinorg/rizin/issues/2015 + https://github.com/rizinorg/rizin/pull/2031 + https://github.com/rizinorg/rizin/commit/21584e416cdcef2fa7d855c5aabf592a965f0e8d
Notes

CVE-2021-4022 created at 27 Nov 2021 12:58:46