Rizin is a UNIX-like reverse engineering framework and command-line toolset. rizin.c
still had an old snippet of code which suffered a command injection due the usage of rz_core_cmdf
to invoke the command m
which was removed in v0.1.x. A malicious binary defining bclass
(part of RzBinInfo) is executed if rclass
(part of RzBinInfo) is set to fs
; the vulnerability can be exploited by any bin format where bclass
and rclass
are user defined. This vulnerability is fixed in 0.7.4.