CVE-2026-45613: CWE-125: Out-of-bounds Read in rizinorg rizin
Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47.
AI Analysis
Technical Summary
Rizin, a UNIX-like reverse engineering toolset, contained a heap-buffer-overflow vulnerability (CWE-125) in the file librz/bin/format/omf/omf.c. This out-of-bounds read could potentially lead to limited information disclosure but does not affect integrity or availability. The issue was resolved by a specific commit (e6d0937c8a083e23ed76ccfb9f631cdc50c7af47). The CVSS 3.1 vector indicates the attack requires local access with low complexity and user interaction, and results in low confidentiality impact only.
Potential Impact
The vulnerability allows a local attacker with user interaction to perform an out-of-bounds read on the heap, potentially leaking limited information. There is no impact on integrity or availability. Given the low CVSS score (3.3) and absence of known exploits, the impact is considered low.
Mitigation Recommendations
A fix for this vulnerability is available in the rizin source code as of commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47. Users should update to a version including this commit to remediate the issue. Patch status is confirmed by the commit reference; no additional vendor advisory was provided. No other mitigation actions are indicated.
CVE-2026-45613: CWE-125: Out-of-bounds Read in rizinorg rizin
Description
Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47.
CVSS v3.1
Score 3.3low
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Rizin, a UNIX-like reverse engineering toolset, contained a heap-buffer-overflow vulnerability (CWE-125) in the file librz/bin/format/omf/omf.c. This out-of-bounds read could potentially lead to limited information disclosure but does not affect integrity or availability. The issue was resolved by a specific commit (e6d0937c8a083e23ed76ccfb9f631cdc50c7af47). The CVSS 3.1 vector indicates the attack requires local access with low complexity and user interaction, and results in low confidentiality impact only.
Potential Impact
The vulnerability allows a local attacker with user interaction to perform an out-of-bounds read on the heap, potentially leaking limited information. There is no impact on integrity or availability. Given the low CVSS score (3.3) and absence of known exploits, the impact is considered low.
Mitigation Recommendations
A fix for this vulnerability is available in the rizin source code as of commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47. Users should update to a version including this commit to remediate the issue. Patch status is confirmed by the commit reference; no additional vendor advisory was provided. No other mitigation actions are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-12T20:31:43.448Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a19e68ee29bf47b50037d6a
Added to database: 5/29/2026, 7:18:38 PM
Last enriched: 5/29/2026, 7:33:51 PM
Last updated: 5/29/2026, 8:23:19 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.