{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T21:48:29.880","vulnerabilities":[{"cve":{"id":"CVE-2026-22780","sourceIdentifier":"security-advisories@github.com","published":"2026-02-02T23:16:06.870","lastModified":"2026-02-20T21:12:28.077","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2."},{"lang":"es","value":"Rizin es un framework de ingeniería inversa y conjunto de herramientas de línea de comandos similar a UNIX. Antes de la 0.8.2, se puede explotar un desbordamiento de montículo cuando un archivo mach0 malicioso, que contiene entradas falsas para los segmentos encadenados de dyld, es analizado por rizin. Esta vulnerabilidad está corregida en la 0.8.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rizin:rizin:*:*:*:*:*:*:*:*","versionEndExcluding":"0.8.2","matchCriteriaId":"E00A5664-A784-4C49-9A16-7DC39DE648E5"}]}]}],"references":[{"url":"https://github.com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/librz/bin/format/mach0/mach0_chained_fixups.c#L200","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rizinorg/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1b1c989","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/rizinorg/rizin/issues/5768","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/rizinorg/rizin/pull/5770","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/rizinorg/rizin/releases/tag/v0.8.2","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjj","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}}]}