CVE-2026-22780
- Source
- https://cve.org/CVERecord?id=CVE-2026-22780
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22780.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-22780
- Aliases
-
- GHSA-f3v7-xhmj-9cjj
- Published
- 2026-02-02T20:52:23.859Z
- Modified
- 2026-03-01T02:56:16.038119Z
- Severity
-
- 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L CVSS Calculator
- Summary
- Rizin has a heap overflow on mach0_chained_fixups.c
- Details
-
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-770" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22780.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22780.json
- https://github.com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/librz/bin/format/mach0/mach0_chained_fixups.c#L200
- https://github.com/rizinorg/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1b1c989
- https://github.com/rizinorg/rizin/issues/5768
- https://github.com/rizinorg/rizin/pull/5770
- https://github.com/rizinorg/rizin/releases/tag/v0.8.2
- https://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjj
- https://nvd.nist.gov/vuln/detail/CVE-2026-22780
Affected packages
Git / github.com/rizinorg/rizin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/rizinorg/rizin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed