- Description
- Rizin is a UNIX-like reverse engineering framework and command-line toolset. `rizin.c` still had an old snippet of code which suffered a command injection due the usage of `rz_core_cmdf` to invoke the command `m` which was removed in v0.1.x. A malicious binary defining `bclass` (part of RzBinInfo) is executed if `rclass` (part of RzBinInfo) is set to `fs`; the vulnerability can be exploited by any bin format where `bclass` and `rclass` are user defined. This vulnerability is fixed in 0.7.4.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-78
- Hype score
- Not currently trending
CVE-2024-53256 (CVSS:7.8, HIGH) is Awaiting Analysis. Rizin is a UNIX-like reverse engineering framework and command-line toolset. `rizin.c` still had an old snippet of code ..https://t.co/f6vwnordPs #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
28 Dec 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53256 (CVSS:7.8, HIGH) is Awaiting Analysis. Rizin is a UNIX-like reverse engineering framework and command-line toolset. `rizin.c` still had an old snippet of code ..https://t.co/f6vwnordPs #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
27 Dec 2024
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE Alert: CVE-2024-53256 - https://t.co/lf7LJT298k #OSINT #ThreatIntel #CyberSecurity #cve_2024_53256
@RedPacketSec
24 Dec 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53256 Rizin is a UNIX-like reverse engineering framework and command-line toolset. `rizin.c` still had an old snippet of code which suffered a command injection due the usa… https://t.co/5Yox4cAjsA
@CVEnew
23 Dec 2024
508 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes