What is CVE-2023-40022?

CVE-2023-40022 is a high-severity vulnerability in Rizinorg Rizin, classified under Integer Overflow or Wraparound. CVSS score: 7.8/10. Published 2023-08-24.

How severe is CVE-2023-40022?

High severity. CVSS v3 base score is 7.8 out of 10.

Integer overflow in Rizinorg Rizin

CVE-2023-40022

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is valid logic but, is missing the…

Vulnerability class: Integer Overflow

EPSS: 0.001 (24.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Rizinorg Rizin — versions < 0.6.1

Weakness classification (CWE)

CWE-190 — Integer Overflow or Wraparound

References

https://github.com/rizinorg/rizin/security/advisories/GHSA-92h6-wwc2-53cq (x_refsource_CONFIRM)
https://github.com/rizinorg/rizin/pull/3753 (x_refsource_MISC)
https://github.com/rizinorg/rz-libdemangle/pull/54 (x_refsource_MISC)
https://github.com/rizinorg/rz-libdemangle/commit/51d016750e704b27ab8ace23c0f72acabca67018 (x_refsource_MISC)
https://github.com/rizinorg/rz-libdemangle/blob/main/src/gnu_v2/cplus-dem.c#L419 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-40022?: CVE-2023-40022 is a high-severity vulnerability in Rizinorg Rizin, classified under Integer Overflow or Wraparound. CVSS score: 7.8/10. Published 2023-08-24.
How severe is CVE-2023-40022?: High severity. CVSS v3 base score is 7.8 out of 10.