CVE-2023-40022

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-40022

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-40022.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-40022

Aliases

GHSA-92h6-wwc2-53cq

Published

2023-08-24T22:50:57.457Z

Modified

2025-11-17T06:23:27.974061Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Rizin vulnerable to Integer Overflow in C++ demangler logic

Details

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consume_count of src/gnu_v2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block as unreachable code since the prior statement is multiplication by 10 and fails to consider overflow assuming the count will always be a multiple of 10. Rizin version 0.6.1 contains a fix for the issue. A temporary workaround would be disabling C++ demangling using the configuration option bin.demangle=false.

Database specific

{
    "cwe_ids": [
        "CWE-190"
    ]
}

References

Affected packages

Git / github.com/rizinorg/rizin

Affected ranges

Type: GIT
Repo: https://github.com/rizinorg/rizin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d9af48b56e47afadd1a77e74c12099efd5e8e19e

Affected versions

0.*

0.1.0

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.2.0

v0.2.1

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.4.0

v0.4.1

v0.5.0

v0.5.1

v0.5.2

v0.6.0

Git / github.com/rizinorg/rz-libdemangle

Affected ranges

Type: GIT
Repo: https://github.com/rizinorg/rz-libdemangle
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

51d016750e704b27ab8ace23c0f72acabca67018

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://github.com/rizinorg/rz-libdemangle/commit/51d016750e704b27ab8ace23c0f72acabca67018",
        "signature_type": "Line",
        "id": "CVE-2023-40022-20ab1dc3",
        "target": {
            "file": "test/test_cxx_gnu_v2.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "173805491189666472246989821194758220784",
                "77494389211812549061820667115001734104"
            ]
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/rizinorg/rz-libdemangle/commit/51d016750e704b27ab8ace23c0f72acabca67018",
        "signature_type": "Line",
        "id": "CVE-2023-40022-f2285001",
        "target": {
            "file": "src/gnu_v2/cplus-dem.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "226571278237447313192644333707904407825",
                "56254276284438013358134424991968872862",
                "187849294898358650687268395890063097338",
                "275882997484359699344374885738579807230"
            ]
        },
        "deprecated": false
    }
]