CVE-2026-45324
Deferred - Pending Action
Double Free Vulnerability in Rizin Reverse Engineering Framework

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: GitHub, Inc.

Description
Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due to wrong pointer ownership being declared. This vulnerability is fixed by commit 045fff363b42b8a6dda8ad5229c29ec3267e7dbe.
Meta Information
Published: 2026-05-29
Last Modified: 2026-05-29
Generated: 2026-05-30
AI Q&A: 2026-05-30
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-415
Description: The product calls free() twice on the same memory address.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-45324 is a low-severity vulnerability in the Rizin reverse engineering framework, specifically in the byte_pattern_search() function within the cmd_search.c file.

The issue is a double free vulnerability caused by incorrect pointer ownership handling, meaning the function attempts to free the same memory address twice.

This can lead to memory corruption or crashes during execution.

The vulnerability has been fixed in commit 045fff3 by improving validation and correcting the freeing of memory.


How can this vulnerability impact me?

This vulnerability can cause low impact on data integrity and availability by potentially leading to memory corruption or crashes in the Rizin software.

Exploitation requires physical access, high attack complexity, low privileges, and user interaction.

An attacker could cause the application to behave unexpectedly or crash, but the overall severity is low.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability is a double free in the byte_pattern_search() function of the Rizin reverse engineering framework. Detection involves identifying if the affected version of Rizin is in use and if the vulnerable search functions are called with invalid boundaries.

Since the vulnerability requires user interaction and physical access, network detection is limited. Instead, detection should focus on verifying the Rizin version and usage patterns.

You can check the Rizin version installed on your system by running:

  • rizin -v

If the installed build predates commit 045fff3, it is vulnerable.

To detect if the vulnerable function is being triggered, monitor for crashes or memory corruption when using search commands in Rizin, especially if invalid boundaries are used.

There are no specific network commands to detect this vulnerability, but you can audit usage logs or scripts invoking Rizin's search functions with potentially invalid parameters.


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation is to update Rizin to a version that includes the fix from commit 045fff363b42b8a6dda8ad5229c29ec3267e7dbe.

Until the patch is applied, avoid calling search functions with invalid boundaries, as this can trigger the double free vulnerability.

  • Apply the patch or upgrade Rizin to a version including commit 045fff3.
  • Avoid using search commands with invalid or unsupported boundary parameters.
  • Monitor and restrict user access to Rizin to prevent exploitation requiring physical access and user interaction.
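Both the detection and mitigation answers above hinge on whether a build includes the fix commit. The following is an added example, not part of the original page or the Rizin project: it checks commit ancestry in a source checkout. It assumes Rizin is built from a git clone of the upstream repository; the function name contains_commit and the RIZIN_SRC variable are made up for this example.

```shell
#!/bin/sh
# Fix commit as quoted in the CVE description.
FIX_COMMIT=045fff363b42b8a6dda8ad5229c29ec3267e7dbe

# contains_commit REPO_DIR COMMIT [REV]
# Prints and returns: patched (0), vulnerable (1) or unknown (2)
# for REV (default HEAD) in the checkout at REPO_DIR.
# Caveat: ancestry only holds for upstream history. A distribution
# backport (cherry-pick) carries the fix under a different hash.
contains_commit() {
    repo=$1; commit=$2; rev=${3:-HEAD}

    # REPO_DIR must be a git repository and REV must resolve to a commit.
    if ! git -C "$repo" rev-parse --verify --quiet "$rev^{commit}" >/dev/null 2>&1; then
        echo unknown; return 2
    fi

    # The fix object must exist locally. A shallow or stale clone may
    # lack it, in which case no answer can be given without a fetch.
    if ! git -C "$repo" cat-file -e "$commit^{commit}" 2>/dev/null; then
        echo unknown; return 2
    fi

    # Exit status 0 means COMMIT is reachable from REV.
    if git -C "$repo" merge-base --is-ancestor "$commit" "$rev"; then
        echo patched; return 0
    fi
    echo vulnerable; return 1
}

# Run against a checkout when RIZIN_SRC (hypothetical variable) is set.
if [ -n "${RIZIN_SRC:-}" ]; then
    contains_commit "$RIZIN_SRC" "$FIX_COMMIT"
fi
```

An "unknown" result on a clone that has not been fetched since the fix was published should be resolved by fetching upstream and re-running the check.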
