Fedora 37 update for cutter-re, rizin
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2022-34612 CVE-2022-36040 CVE-2022-36041 CVE-2022-36042 CVE-2022-36043 CVE-2022-36044 CVE-2023-27590 |
| CWE-ID | CWE-190 CWE-787 CWE-415 CWE-121 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system rizin Operating systems & Components / Operating system package or component cutter-re Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU67635
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-34612
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow within the get_long_object() function. A remote attacker can trick the victim to open a specially crafted file, trigger an integer overflow and perform a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 37
rizin: before 0.5.2-1.fc37
cutter-re: before 2.2.1-1.fc37
CPE2.3- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:rizin:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:cutter-re:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2023-4b892d116d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU67177
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-36040
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when getting data from PYC(python) files in pyc/marshal.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 37
rizin: before 0.5.2-1.fc37
cutter-re: before 2.2.1-1.fc37
CPE2.3- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:rizin:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:cutter-re:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2023-4b892d116d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds write
EUVDB-ID: #VU67179
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-36041
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when parsing Mach-O files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 37
rizin: before 0.5.2-1.fc37
cutter-re: before 2.2.1-1.fc37
CPE2.3- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:rizin:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:cutter-re:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2023-4b892d116d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU67180
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-36042
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when getting data from dyld cache files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 37
rizin: before 0.5.2-1.fc37
cutter-re: before 2.2.1-1.fc37
CPE2.3- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:rizin:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:cutter-re:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2023-4b892d116d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Double Free
EUVDB-ID: #VU67182
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-36043
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the bobj.c:rz_bin_reloc_storage_free() function when freeing relocations generated from QNX binary plugin. A remote attacker can trick a victim to open a specially crafted file, trigger double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 37
rizin: before 0.5.2-1.fc37
cutter-re: before 2.2.1-1.fc37
CPE2.3- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:rizin:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:cutter-re:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2023-4b892d116d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds write
EUVDB-ID: #VU67184
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-36044
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when getting data from Luac files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 37
rizin: before 0.5.2-1.fc37
cutter-re: before 2.2.1-1.fc37
CPE2.3- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:rizin:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:cutter-re:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2023-4b892d116d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Stack-based buffer overflow
EUVDB-ID: #VU74033
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-27590
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling GDB registers files. A remote attacker can trick the victim to open a specially crafted GDB registers file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 37
rizin: before 0.5.2-1.fc37
cutter-re: before 2.2.1-1.fc37
CPE2.3- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:rizin:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:cutter-re:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2023-4b892d116d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
