CVE-2026-45613 - Vulnerability Details - OpenCVE

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Rizin	Rizin

No data.

No data.

References

Link	Providers
https://github.com/rizinorg/rizin/commit/e6d0937c8a083e23ed76ccfb9f631cdc50c7af47
https://github.com/rizinorg/rizin/security/advisories/GHSA-wprr-wrcw-mw6v

History

Mon, 01 Jun 2026 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 30 May 2026 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Rizin Rizin rizin
Vendors & Products		Rizin Rizin rizin

Fri, 29 May 2026 19:30:00 +0000

Type	Values Removed	Values Added
Description		Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47.
Title		Rizin: Heap-buffer-overflow in OMF parser
Weaknesses		CWE-125
References		https://github.com/rizinorg/rizin/commit/e6d0937c8a083e23ed76ccfb9f631cdc50c7af47 https://github.com/rizinorg/rizin/security/advisories/GHSA-wprr-wrcw-mw6v
Metrics		cvssV3_1 `{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-05-29T19:07:49.291Z

Updated: 2026-06-01T17:49:51.250Z

Reserved: 2026-05-12T20:31:43.448Z

Link: CVE-2026-45613

Vulnrichment

Updated: 2026-06-01T17:49:33.917Z

NVD

Status : Deferred

Published: 2026-05-29T20:16:26.890

Modified: 2026-05-29T20:21:38.773

Link: CVE-2026-45613

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-45613", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-05-12T20:31:43.448Z", "datePublished": "2026-05-29T19:07:49.291Z", "dateUpdated": "2026-06-01T17:49:51.250Z"}, "containers": {"cna": {"title": "Rizin: Heap-buffer-overflow in OMF parser", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/rizinorg/rizin/security/advisories/GHSA-wprr-wrcw-mw6v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-wprr-wrcw-mw6v"}, {"name": "https://github.com/rizinorg/rizin/commit/e6d0937c8a083e23ed76ccfb9f631cdc50c7af47", "tags": ["x_refsource_MISC"], "url": "https://github.com/rizinorg/rizin/commit/e6d0937c8a083e23ed76ccfb9f631cdc50c7af47"}], "affected": [{"vendor": "rizinorg", "product": "rizin", "versions": [{"version": "< e6d0937c8a083e23ed76ccfb9f631cdc50c7af47", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-05-29T19:07:49.291Z"}, "descriptions": [{"lang": "en", "value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47."}], "source": {"advisory": "GHSA-wprr-wrcw-mw6v", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-01T17:49:24.969246Z", "id": "CVE-2026-45613", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-01T17:49:51.250Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-45613", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-01T17:49:24.969246Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-01T17:49:33.917Z"}}], "cna": {"title": "Rizin: Heap-buffer-overflow in OMF parser", "source": {"advisory": "GHSA-wprr-wrcw-mw6v", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "rizinorg", "product": "rizin", "versions": [{"status": "affected", "version": "< e6d0937c8a083e23ed76ccfb9f631cdc50c7af47"}]}], "references": [{"url": "https://github.com/rizinorg/rizin/security/advisories/GHSA-wprr-wrcw-mw6v", "name": "https://github.com/rizinorg/rizin/security/advisories/GHSA-wprr-wrcw-mw6v", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/rizinorg/rizin/commit/e6d0937c8a083e23ed76ccfb9f631cdc50c7af47", "name": "https://github.com/rizinorg/rizin/commit/e6d0937c8a083e23ed76ccfb9f631cdc50c7af47", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-05-29T19:07:49.291Z"}}}, "cveMetadata": {"cveId": "CVE-2026-45613", "state": "PUBLISHED", "dateUpdated": "2026-06-01T17:49:51.250Z", "dateReserved": "2026-05-12T20:31:43.448Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-05-29T19:07:49.291Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}