CVE-2023-40022 (https://github.com/rizinorg/rizin/security/advisories/GHSA-92h6-wwc2-53cq):

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is valid logic but is missing the modulus if the block once compiled. The compiler sees this block as unreachable code since the prior statement is multiplication by 10 and fails to consider overflow assuming the count will always be a multiple of 10. Rizin version 0.6.1 contains a fix for the issue. A temporary workaround would be disabling C++ demangling using the configuration option `bin.demangle=false`.

And then in the 0.6.2 release notes:

* Fix multiple Use-After-Frees in disassembly and PYC parsing code
* Fix division by zero in s++ and s-- commands
* Fix infinite loop condition in parsing some ELF files
* Fix various memory leaks
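As an added illustration (not Rizin's source and not the 0.6.1 patch), a reconstruction of the post-multiplication check the advisory describes, beside a version that bounds-checks before multiplying so the compiler has no undefined behaviour to reason away; the function names and sample inputs are assumptions.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>

/* Pattern the advisory describes (reconstructed, not Rizin's source): multiply, then
   test for negative. Signed overflow is UB, so the optimizer may delete the check. */
int fragile_consume_count(const char **type)
{
    int count = 0;
    if (!isdigit((unsigned char)**type))
        return -1;
    while (isdigit((unsigned char)**type)) {
        count *= 10;
        if (count < 0)            /* may be optimized away */
            return -1;
        count += *(*type)++ - '0';
    }
    return count;
}
/* Hardened form: bound-check BEFORE the arithmetic, so no overflow ever occurs and
   nothing can be discarded. On overflow, skip the digit run and return -1. */
int safe_consume_count(const char **type)
{
    int count = 0;
    if (!isdigit((unsigned char)**type))
        return -1;
    while (isdigit((unsigned char)**type)) {
        int digit = **type - '0';
        if (count > (INT_MAX - digit) / 10) {   /* count*10 + digit > INT_MAX */
            while (isdigit((unsigned char)**type))
                (*type)++;
            return -1;
        }
        count = count * 10 + digit;
        (*type)++;
    }
    return count;
}
/* Parse a constructed length prefix such as the "12" in "12foo". */
int count_from(const char *s)
{
    const char *p = s;
    return safe_consume_count(&p);
}
int main(void)
{
    printf("%d %d\n", count_from("12foo"), count_from("99999999999x")); /* 12 -1 */
    return 0;
}
```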
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=222bc9419c8b3e8b7e2f6b5d8b71516d7bdf767b

commit 222bc9419c8b3e8b7e2f6b5d8b71516d7bdf767b
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-09-16 23:41:41 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-09-17 00:06:32 +0000

    dev-util/rizin: add 0.6.2

    Bug: https://bugs.gentoo.org/914338
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-util/rizin/Manifest           |  2 +
 dev-util/rizin/rizin-0.6.2.ebuild | 98 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 100 insertions(+)
Good to stabilize in a few days if nothing pops up.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=54756a4617beec5ca7f1fb73999816d3541bc001

commit 54756a4617beec5ca7f1fb73999816d3541bc001
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-09-25 04:48:45 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-09-25 04:49:21 +0000

    dev-util/rizin: drop 0.5.1, 0.5.2, 0.6.1

    Bug: https://bugs.gentoo.org/904413
    Bug: https://bugs.gentoo.org/914338
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-util/rizin/Manifest           |  6 ---
 dev-util/rizin/rizin-0.5.1.ebuild | 92 ------------------------------------
 dev-util/rizin/rizin-0.5.2.ebuild | 97 --------------------------------------
 dev-util/rizin/rizin-0.6.1.ebuild | 98 ---------------------------------------
 4 files changed, 293 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ed1eca8367b81a777ad2c47f49e17e071890018

commit 7ed1eca8367b81a777ad2c47f49e17e071890018
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-09-25 04:48:01 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-09-25 04:49:21 +0000

    dev-util/rizin: stabilize 0.6.2 for amd64

    Bug: https://bugs.gentoo.org/914338
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-util/rizin/rizin-0.6.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)