Bug 904413 (CVE-2023-27590) - <dev-util/rizin-0.5.2: stack buffer overflow in GDB registers profile file parsing
Status: RESOLVED FIXED
Alias: CVE-2023-27590
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/rizinorg/rizin/sec...
Whiteboard: B3 [noglsa]
Reported: 2023-04-16 18:42 UTC by John Helmert III
Modified: 2023-09-25 04:50 UTC
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-16 18:42:11 UTC
CVE-2023-27590:

Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands.
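The workaround in the description, reviewing a profile before it reaches `drpg`/`arpg`, can be automated. The following is an added example, not code from Rizin or from this bug: it parses each row with width-bounded `sscanf` conversions and rejects overlong `name`, `type` or `groups` values. The column layout (Name Nr Rel Offset Size Type Groups), the length limits and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Limits assumed for this example; they are not taken from the Rizin source. */
#define NAME_LIMIT 15
#define TYPE_LIMIT 15
#define GROUPS_LIMIT 127

/* 0 = acceptable register row, 1 = blank line or column header (skipped),
 * -1 = missing field or a name/type/groups value longer than its limit. */
int check_gdb_reg_line(const char *line) {
    /* Buffers hold limit + 1 characters plus NUL so an overlong token is seen. */
    char name[NAME_LIMIT + 2], type[TYPE_LIMIT + 2], groups[GROUPS_LIMIT + 2];
    int nr, rel, offset, size;
    /* The widths (16, 16, 128) cap every %s write at buffer size - 1. */
    int n = sscanf(line, "%16s %d %d %d %d %16s %128s",
                   name, &nr, &rel, &offset, &size, type, groups);
    if (n == EOF || (n == 1 && strcmp(name, "Name") == 0))
        return 1;
    if (n != 7 || strlen(name) > NAME_LIMIT || strlen(type) > TYPE_LIMIT ||
        strlen(groups) > GROUPS_LIMIT)
        return -1;
    return 0;
}

/* Walk a whole profile and count the rows that should be rejected. */
int count_bad_lines(const char *profile) {
    int bad = 0;
    while (*profile) {
        char line[512];
        size_t len = strcspn(profile, "\n");
        if (len < sizeof(line)) {
            memcpy(line, profile, len);
            line[len] = '\0';
        }
        /* A row too long for the line buffer is rejected outright. */
        bad += len >= sizeof(line) || check_gdb_reg_line(line) < 0;
        profile += len + (profile[len] == '\n');
    }
    return bad;
}

/* Constructed sample: a header, one plausible row, one row with an overlong name. */
static const char SAMPLE[] =
    " Name Nr Rel Offset Size Type Groups\n"
    " rax 0 0 0 8 int64_t general,all,save,restore\n"
    " AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 1 1 8 8 int64_t general\n";

int main(void) { printf("rejected rows: %d\n", count_bad_lines(SAMPLE)); return 0; }
```

Without the spare byte in each buffer, a width-limited `%s` would silently split an overlong token and feed the remainder to the next conversion, so the length check after `sscanf` is what turns truncation into a rejection.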
Comment 1 Larry the Git Cow gentoo-dev 2023-04-16 18:52:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2218db506d4083a0a6a91f37ceab5057f4a93f4b

commit 2218db506d4083a0a6a91f37ceab5057f4a93f4b
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-04-16 18:08:31 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-04-16 18:42:24 +0000

    dev-util/rizin: add 0.5.2 without broken tests
    
    Bug: https://bugs.gentoo.org/904413
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-util/rizin/Manifest           |  2 +
 dev-util/rizin/rizin-0.5.2.ebuild | 95 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 97 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-04-30 23:36:43 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e3d826e0a2ec5950dd9f690cd384b46bcffc5e1c

commit e3d826e0a2ec5950dd9f690cd384b46bcffc5e1c
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-04-30 23:32:29 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-04-30 23:34:50 +0000

    dev-util/rizin: stabilize 0.5.2 for amd64
    
    Bug: https://bugs.gentoo.org/904413
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-util/rizin/rizin-0.5.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 Larry the Git Cow gentoo-dev 2023-09-25 04:49:30 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=54756a4617beec5ca7f1fb73999816d3541bc001

commit 54756a4617beec5ca7f1fb73999816d3541bc001
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-09-25 04:48:45 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-09-25 04:49:21 +0000

    dev-util/rizin: drop 0.5.1, 0.5.2, 0.6.1
    
    Bug: https://bugs.gentoo.org/904413
    Bug: https://bugs.gentoo.org/914338
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-util/rizin/Manifest           |  6 ---
 dev-util/rizin/rizin-0.5.1.ebuild | 92 ------------------------------------
 dev-util/rizin/rizin-0.5.2.ebuild | 97 --------------------------------------
 dev-util/rizin/rizin-0.6.1.ebuild | 98 ---------------------------------------
 4 files changed, 293 deletions(-)