{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22780", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-09T18:27:19.388Z", "datePublished": "2026-02-02T20:52:23.859Z", "dateUpdated": "2026-02-03T15:37:25.089Z"}, "containers": {"cna": {"title": "Rizin has a heap overflow on mach0_chained_fixups.c", "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjj"}, {"name": "https://github.com/rizinorg/rizin/issues/5768", "tags": ["x_refsource_MISC"], "url": "https://github.com/rizinorg/rizin/issues/5768"}, {"name": "https://github.com/rizinorg/rizin/pull/5770", "tags": ["x_refsource_MISC"], "url": "https://github.com/rizinorg/rizin/pull/5770"}, {"name": "https://github.com/rizinorg/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1b1c989", "tags": ["x_refsource_MISC"], "url": "https://github.com/rizinorg/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1b1c989"}, {"name": "https://github.com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/librz/bin/format/mach0/mach0_chained_fixups.c#L200", "tags": ["x_refsource_MISC"], "url": "https://github.com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/librz/bin/format/mach0/mach0_chained_fixups.c#L200"}, {"name": "https://github.com/rizinorg/rizin/releases/tag/v0.8.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/rizinorg/rizin/releases/tag/v0.8.2"}], "affected": [{"vendor": "rizinorg", "product": "rizin", "versions": [{"version": "< 0.8.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-02T20:52:23.859Z"}, "descriptions": [{"lang": "en", "value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2."}], "source": {"advisory": "GHSA-f3v7-xhmj-9cjj", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-03T15:37:14.553207Z", "id": "CVE-2026-22780", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T15:37:25.089Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22780", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-03T15:37:14.553207Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-03T15:37:21.823Z"}}], "cna": {"title": "Rizin has a heap overflow on mach0_chained_fixups.c", "source": {"advisory": "GHSA-f3v7-xhmj-9cjj", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "rizinorg", "product": "rizin", "versions": [{"status": "affected", "version": "< 0.8.2"}]}], "references": [{"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjj", "name": "https://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjj", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/rizinorg/rizin/issues/5768", "name": "https://github.com/rizinorg/rizin/issues/5768", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/rizinorg/rizin/pull/5770", "name": "https://github.com/rizinorg/rizin/pull/5770", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/rizinorg/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1b1c989", "name": "https://github.com/rizinorg/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1b1c989", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/librz/bin/format/mach0/mach0_chained_fixups.c#L200", "name": "https://github.com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/librz/bin/format/mach0/mach0_chained_fixups.c#L200", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/rizinorg/rizin/releases/tag/v0.8.2", "name": "https://github.com/rizinorg/rizin/releases/tag/v0.8.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-02T20:52:23.859Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22780", "state": "PUBLISHED", "dateUpdated": "2026-02-03T15:37:25.089Z", "dateReserved": "2026-01-09T18:27:19.388Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-02T20:52:23.859Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rizin:rizin:*:*:*:*:*:*:*:*", "matchCriteriaId": "E00A5664-A784-4C49-9A16-7DC39DE648E5", "versionEndExcluding": "0.8.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2."}, {"lang": "es", "value": "Rizin es un framework de ingenier\u00eda inversa y conjunto de herramientas de l\u00ednea de comandos similar a UNIX. Antes de la 0.8.2, se puede explotar un desbordamiento de mont\u00edculo cuando un archivo mach0 malicioso, que contiene entradas falsas para los segmentos encadenados de dyld, es analizado por rizin. Esta vulnerabilidad est\u00e1 corregida en la 0.8.2."}], "id": "CVE-2026-22780", "lastModified": "2026-02-20T21:12:28.077", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-02T23:16:06.870", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/librz/bin/format/mach0/mach0_chained_fixups.c#L200"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/rizinorg/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1b1c989"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/rizinorg/rizin/issues/5768"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/rizinorg/rizin/pull/5770"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/rizinorg/rizin/releases/tag/v0.8.2"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T14:16:52.747486+00:00", "value": {"mitigation_remediation": ["Upgrade to version 0.8.2 or later to receive the official fix", "If upgrading immediately is not possible, run Rizin in a sandboxed environment and restrict the process to a read\u2011only file system to prevent the interpreter from executing potentially malicious code", "Avoid opening any untrusted mach0 files and monitor for abnormal memory usage or crashes in the application"], "summary": {"action": "Immediate Patch", "impact": "Heap Overflow"}, "threat_synthesis": {"affected_systems": "The problem exists in all releases of Rizin prior to version 0.8.2, affecting all platforms supported by the project. The vendor rizinorg has supplied a fix in the 0.8.2 release, so any installation using an earlier version is affected.", "description_and_impact": "A heap overflow in the mach0_chained_fixups.c component of Rizin occurs when parsing a mach0 file containing malformed chained segment entries. The flaw, classified as CWE-770, can corrupt memory and, if exploited, may lead to arbitrary code execution or other severe stability violations. The description specifically indicates that the vulnerability can be exploited when a malicious file is processed by the application.", "risk_and_exploitability": "The CVSS score of 4.4 rates the issue as moderate, and the EPSS score of less than 1% suggests that real\u2011world exploitation is unlikely. The vulnerability requires that the attacker supply a crafted mach0 file to the program, meaning it can be exercised locally or via a supplied file on a shared system. The flaw is not listed in CISA's KEV catalog, further indicating low prevalence in the wild."}}}}, "created": "2026-02-04T12:17:48.533779+00:00", "updated": "2026-04-18T14:30:02.933017+00:00", "vendors": ["rizin", "rizin$PRODUCT$rizin"]}