Rizin Heap-Based Buffer Overflow Vulnerability in UTF-8 Encoding Function

Vulnerability

A critical heap-based buffer overflow vulnerability has been identified in Rizin versions prior to 0.8.0. The issue is in the function 'rz_utf8_encode' in the file '/librz/util/utf8.c'. The vulnerability can only be exploited locally.

Impact

Exploitation of this vulnerability leads to a heap-based buffer overflow, which can commonly result in arbitrary code execution or a crash due to memory corruption.

Reproduction

The vulnerability can be reproduced with the Rizin command-line tool 'rz-bin' and its '-z' option, which is used for string searching. The command should include a specially crafted string that triggers the buffer overflow in the 'rz_utf8_encode' function. This can be done by referencing the proof-of-concept file 'poc' included in the 'rz-bin-poc-01.zip' archive.

Remediation

Users are advised to update to Rizin version 0.8.0 or later, where this vulnerability has been fixed.
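
The advisory gives no root-cause detail for 'rz_utf8_encode', so the following is an added illustration of the bug class only, not Rizin's code or its fix: a UTF-8 encoder that takes the destination capacity, and a caller that sizes its heap buffer from the real encoded length (1 to 4 bytes per code point). The names utf8_encoded_len, utf8_encode_bounded and utf8_encode_all are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Bytes needed to encode cp as UTF-8; 0 if cp is not a Unicode scalar value. */
size_t utf8_encoded_len(uint32_t cp) {
    if (cp < 0x80) return 1;
    if (cp < 0x800) return 2;
    if (cp >= 0xD800 && cp <= 0xDFFF) return 0; /* surrogates are not encodable */
    if (cp < 0x10000) return 3;
    return cp <= 0x10FFFF ? 4 : 0;
}

/* Hypothetical bounded encoder: never writes more than cap bytes to dst.
 * Returns bytes written, or 0 if cp is invalid or does not fit. */
size_t utf8_encode_bounded(uint8_t *dst, size_t cap, uint32_t cp) {
    static const uint8_t lead[5] = {0, 0, 0xC0, 0xE0, 0xF0};
    size_t n = utf8_encoded_len(cp);
    if (!dst || n == 0 || n > cap) return 0; /* refuse instead of overflowing */
    /* Lead byte: length marker plus the top payload bits of cp. */
    dst[0] = (uint8_t)(lead[n] | (cp >> (6 * (n - 1))));
    for (size_t i = 1; i < n; i++) /* continuation bytes: 10xxxxxx */
        dst[i] = (uint8_t)(0x80 | ((cp >> (6 * (n - 1 - i))) & 0x3F));
    return n;
}

/* Size the heap buffer from the real encoded length first, then encode with
 * the remaining capacity passed on every call. Returns NULL on invalid input. */
uint8_t *utf8_encode_all(const uint32_t *cps, size_t count, size_t *out_len) {
    size_t total = 0;
    for (size_t i = 0; i < count; i++) {
        size_t n = utf8_encoded_len(cps[i]);
        if (n == 0 || total > SIZE_MAX - n - 1) return NULL;
        total += n;
    }
    uint8_t *buf = malloc(total + 1); /* +1 for the terminating NUL */
    if (!buf) return NULL;
    size_t off = 0;
    for (size_t i = 0; i < count; i++)
        off += utf8_encode_bounded(buf + off, total - off, cps[i]);
    buf[off] = 0;
    *out_len = off;
    return buf;
}
```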

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.