Fedora 38 : cutter-re / rizin (2023-af305bed3d)

high Nessus Plugin ID 173663

Language:

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-af305bed3d advisory.

- Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object().
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary.
(CVE-2022-34612)

- Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from dyld cache files. A user opening a malicious dyld cache file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 556ca2f9eef01ec0f4a76d1fbacfcf3a87a44810 contains a patch. (CVE-2022-36042)

- Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from PYC(python) files. A user opening a malicious PYC file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 68948017423a12786704e54227b8b2f918c2fd27 contains a patch. (CVE-2022-36040)

- Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine.
Commit number 7323e64d68ecccfb0ed3ee480f704384c38676b2 contains a patch. (CVE-2022-36041)

- Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rz_bin_reloc_storage_free() when freeing relocations generated from qnx binary plugin. A user opening a malicious qnx binary could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number a3d50c1ea185f3f642f2d8180715f82d98840784 contains a patch for this issue. (CVE-2022-36043)

- Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine.
Commits 07b43bc8aa1ffebd9b68d60624c9610cf7e460c7 and 05bbd147caccc60162d6fba9baaaf24befa281cd contain fixes for the issue. (CVE-2022-36044)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected cutter-re and / or rizin packages.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2023-af305bed3d

Plugin Details

Severity: High

ID: 173663

File Name: fedora_2023-af305bed3d.nasl

Version: 1.1

Type: local

Agent: unix

Published: 3/29/2023

Updated: 4/20/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-36044

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:38, p-cpe:/a:fedoraproject:fedora:cutter-re, p-cpe:/a:fedoraproject:fedora:rizin

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/15/2023

Vulnerability Publication Date: 7/27/2022

Reference Information

CVE: CVE-2022-34612, CVE-2022-36040, CVE-2022-36041, CVE-2022-36042, CVE-2022-36043, CVE-2022-36044