CVE-2026-45324NVD

Vulnerability Summary

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer ownership declared. This vulnerability is fixed by commit 045fff363b42b8a6dda8ad5229c29ec3267e7dbe.

Severity Level

LOW(3.3)

Published Date

May 29, 2026

Last Modified

May 29, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

CWE-415: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

EPSS Score (30-Day)

0.02%Probability

CVSS v3.1 Base Metrics

Attack VectorPhysical

Attack ComplexityHigh

Privileges RequiredLow

User InteractionRequired

ScopeChanged

ConfidentialityNone

IntegrityLow

AvailabilityLow

External References

https://github.com/rizinorg/rizin/commit/045fff363b42b8a6dda8ad5229c29ec3267e7dbe
https://github.com/rizinorg/rizin/security/advisories/GHSA-2377-chx7-xf7c