{"id":"CVE-2024-31668","details":"rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set function in librz/analysis/meta.","modified":"2026-04-12T07:01:47.936692Z","published":"2024-12-17T22:15:06.677Z","references":[{"type":"ADVISORY","url":"https://gist.github.com/Crispy-fried-chicken/cb0b3a653a43a2fe2361641eddd8330d"},{"type":"FIX","url":"https://github.com/rizinorg/rizin/commit/c025dcee40c8eac2ab559f2caa3798a2dbf019e4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rizinorg/rizin","events":[{"introduced":"0"},{"fixed":"36a1bf3ec837dd74e4829a6535f2cab349fd4ad2"},{"fixed":"c025dcee40c8eac2ab559f2caa3798a2dbf019e4"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.6.3"}]}}],"versions":["0.1.0","v0.1.0","v0.1.1","v0.1.2","v0.2.0","v0.2.1","v0.3.0","v0.3.1","v0.3.2","v0.3.3","v0.3.4","v0.4.0","v0.4.1","v0.5.0","v0.5.1","v0.5.2","v0.6.0","v0.6.1","v0.6.2"],"database_specific":{"vanir_signatures_modified":"2026-04-12T07:01:47Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31668.json","vanir_signatures":[{"signature_type":"Line","signature_version":"v1","source":"https://github.com/rizinorg/rizin/commit/c025dcee40c8eac2ab559f2caa3798a2dbf019e4","id":"CVE-2024-31668-04c7c712","digest":{"threshold":0.9,"line_hashes":["149830631874058490921047097216589018525","167350021532386168069208135556396041984","81610900601000304630350715686118209594","76923611668925747058361716552375391390"]},"deprecated":false,"target":{"file":"librz/bin/dwarf/endian_reader.c"}},{"signature_type":"Function","signature_version":"v1","source":"https://github.com/rizinorg/rizin/commit/c025dcee40c8eac2ab559f2caa3798a2dbf019e4","id":"CVE-2024-31668-6832fa19","digest":{"length":293,"function_hash":"86253500105812889384753300284385428508"},"deprecated":false,"target":{"file":"librz/bin/dwarf/endian_reader.c","function":"read_string"}},{"signature_type":"Line","signature_version":"v1","source":"https://github.com/rizinorg/rizin/commit/c025dcee40c8eac2ab559f2caa3798a2dbf019e4","id":"CVE-2024-31668-98f50791","digest":{"threshold":0.9,"line_hashes":["66867062006877592739540930157364835429","268377292979467090942145133379825036089","221294632158869389884223452093718360374","225856599841393617404325283914124290071","59993212339210575473479871550169570548","188832322628248375123977347869887224063","49549168292831335334187289542790662745","188621900781606839823797160999665327578","246670815751216851418012096182398773501","200787819769135820450880730260021795859","249826723868275114251864164306098414849","218165236094882795330958554964852655606","299384039367504510474112255595244180471","250498615829374523322698395201185710189","66483678243416632723453292385582620597","40287820546034608753862662210334698587","260129953900474448453575589491124957195","26722549309290513029574486711612765636","334820123275797644215161726849683133907","24650517830547257404742608531273299810"]},"deprecated":false,"target":{"file":"librz/include/rz_bin_dwarf.h"}},{"signature_type":"Function","signature_version":"v1","source":"https://github.com/rizinorg/rizin/commit/c025dcee40c8eac2ab559f2caa3798a2dbf019e4","id":"CVE-2024-31668-acc5a0f5","digest":{"length":676,"function_hash":"217244488678792062342294097188668692735"},"deprecated":false,"target":{"file":"librz/include/rz_bin_dwarf.h","function":"rz_bin_dwarf_attr_string"}},{"signature_type":"Line","signature_version":"v1","source":"https://github.com/rizinorg/rizin/commit/c025dcee40c8eac2ab559f2caa3798a2dbf019e4","id":"CVE-2024-31668-da9f0936","digest":{"threshold":0.9,"line_hashes":["163993452826350124049717869032169045739","204848173787852550961760472416045494722","73976613588288148325975744489008238024"]},"deprecated":false,"target":{"file":"librz/bin/dwarf/dwarf_private.h"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}