Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-45324
3.3 LOW
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Physical (P)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): Low (L)
- User Interaction (UI): Required (R)
- Scope (S): Changed (C)
- Confidentiality (C): None (N)
- Integrity (I): Low (L)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Physical (P)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): Required (R)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): Low (L)
Activity log
- Created suggestion
Rizin: Double free in cmd_search.c
Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer ownership declared. This vulnerability is fixed by commit 045fff363b42b8a6dda8ad5229c29ec3267e7dbe.
References
Affected products
rizin
- ==< 045fff363b42b8a6dda8ad5229c29ec3267e7dbe
Matching in nixpkgs
pkgs.rizin
UNIX-like reverse engineering framework and command-line toolset
pkgs.rizinPlugins.sigdb
Rizin FLIRT Signature Database
-
nixos-unstable 2023-08-23
- nixpkgs-unstable 2023-08-23
- nixos-unstable-small 2023-08-23
-
nixos-25.11 2023-08-23
- nixos-25.11-small 2023-08-23
- nixpkgs-25.11-darwin 2023-08-23
pkgs.cutterPlugins.sigdb
Rizin FLIRT Signature Database
-
nixos-unstable 2023-08-23
- nixpkgs-unstable 2023-08-23
- nixos-unstable-small 2023-08-23
-
nixos-25.11 2023-08-23
- nixos-25.11-small 2023-08-23
- nixpkgs-25.11-darwin 2023-08-23
Package maintainers
-
@chayleaf Anna Pavlyuk <chayleaf-nix@pavluk.org>
-
@makefu Felix Richter <makefu@syntax-fehler.de>
-
@7c6f434c Michael Raskin <7c6f434c@mail.ru>
-
@Mic92 Jörg Thalheim <joerg@thalheim.io>