CVE-2026-45324

Summary

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer ownership declared. This vulnerability is fixed by commit 045fff363b42b8a6dda8ad5229c29ec3267e7dbe.

Affected Software

VendorProductVersion RangeStatus
rizinorgrizin< 045fff363b42b8a6dda8ad5229c29ec3267e7dbeaffected

Weaknesses

  • CWE-415: CWE-415: Double Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References