CVE-2022-36044

Name: CVE-2022-36044
Creator: NVD / NIST
Published: 2022-09-06T20:15:08.807+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.36%

Last modified Jun 17, 2026

CVE-2022-36044 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. EPSS estimates a 0.36% chance of exploitation in the next 30 days.

Description

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from Luac files. A user opening a malicious Luac file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commits 07b43bc8aa1ffebd9b68d60624c9610cf7e460c7 and 05bbd147caccc60162d6fba9baaaf24befa281cd contain fixes for the issue.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

0.36%

27.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-787

Affected Software

Vendor	Product	Versions
Rizin	Rizin	<= 0.4.0

References

https://github.com/rizinorg/rizin/commit/05bbd147caccc60162d6fba9baaaf24befa281cdPatch, Third Party Advisory
https://github.com/rizinorg/rizin/commit/07b43bc8aa1ffebd9b68d60624c9610cf7e460c7Patch, Third Party Advisory
https://github.com/rizinorg/rizin/security/advisories/GHSA-mqcj-82c6-gh5qThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N/
https://security.gentoo.org/glsa/202209-06Third Party Advisory
https://github.com/rizinorg/rizin/commit/05bbd147caccc60162d6fba9baaaf24befa281cdPatch, Third Party Advisory
https://github.com/rizinorg/rizin/commit/07b43bc8aa1ffebd9b68d60624c9610cf7e460c7Patch, Third Party Advisory
https://github.com/rizinorg/rizin/security/advisories/GHSA-mqcj-82c6-gh5qThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N/
https://security.gentoo.org/glsa/202209-06Third Party Advisory

Timeline

Published: Sep 6, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-36044?

How severe is CVE-2022-36044?

CVE-2022-36044 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.36% probability of exploitation in the next 30 days.

How do I fix CVE-2022-36044?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-36044?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST