CVE-2024-31670

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Dec 12, 2024
Updated: Dec 13, 2024
CWE ID 120

Summary

CVE-2024-31670 is a newly disclosed vulnerability affecting rizin before version 0.6.3. It stems from buffer overflows in the create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c. An attacker can trigger the overflow by supplying specially crafted input, potentially leading to arbitrary code execution on the target system. This poses a significant risk to users, as rizin is a widely used dynamic binary analyzer. Users should upgrade to the latest version of rizin (0.6.3 or later) to mitigate this risk.
