CVE-2024-31669

7.5 HIGH

📋 TL;DR

Rizin versions before v0.6.3 contain a vulnerability in the PE binary parsing functions that allows attackers to cause uncontrolled resource consumption (denial of service) by feeding specially crafted PE files. This affects anyone using rizin for binary analysis, reverse engineering, or security research. The vulnerability resides in three specific parsing functions.

💻 Affected Systems

Products:
  • rizin
Versions: All versions before v0.6.3
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using vulnerable versions are affected regardless of configuration. The vulnerability is triggered when parsing PE files with the affected functions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system resource exhaustion leading to denial of service, potentially crashing the rizin process and consuming significant CPU/memory resources on the host system.

🟠 Likely Case: Rizin process crashes or becomes unresponsive when analyzing malicious PE files, disrupting reverse engineering workflows and analysis sessions.

🟢 If Mitigated: Limited impact with proper input validation and resource limits in place; may cause temporary process instability but not system-wide issues.

🌐 Internet-Facing: LOW - Rizin is typically used as a local analysis tool, not exposed to external networks.
🏢 Internal Only: MEDIUM - Internal users could exploit this intentionally or unintentionally by analyzing malicious files, causing local denial of service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires creating specially crafted PE files that trigger the resource consumption bugs in the parsing functions. No public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.6.3 and later

Vendor Advisory: https://github.com/rizinorg/rizin/commit/e42999dda0be7737fafaf5e63c1c5833a72fd9c9

Restart Required: No

Instructions:

1. Update rizin to version v0.6.3 or later using your package manager.
2. For source installations: git clone https://github.com/rizinorg/rizin, check out v0.6.3 or later, and rebuild.
3. Verify the update with 'rizin --version'.

🔧 Temporary Workarounds

Avoid parsing untrusted PE files (platform: all)

Do not use rizin to analyze PE files from untrusted sources until patched.

Implement resource limits (platform: linux)

Use system resource limits (ulimit on Linux, Job Objects on Windows) to restrict rizin process resource consumption.

  ulimit -v 2097152
  ulimit -t 300
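As an added example (not from this advisory or the rizin project), the following POSIX shell wrapper applies the two ulimit values above inside a subshell before executing rizin, so the limits bind only the analysis process and the caller's own shell keeps its limits. The function name run_limited, the helper show_limits, and the RZ_MAX_VMEM_KB / RZ_MAX_CPU_SEC variables are this example's own choices, not rizin options.

```shell
#!/bin/sh
# Added example: run a command (normally rizin) under the advisory's
# suggested resource limits. Function and variable names are this
# example's own choices, not part of rizin.
#
# Limits are applied inside a subshell, so only the child process is
# constrained; the invoking shell is left untouched.

# Defaults match the advisory: 2 GiB of virtual memory, 300 CPU seconds.
: "${RZ_MAX_VMEM_KB:=2097152}"
: "${RZ_MAX_CPU_SEC:=300}"

# run_limited CMD [ARGS...]
# Applies the limits, then exec's CMD in the subshell so CMD's own exit
# status comes back unchanged (a kill by SIGXCPU when the CPU limit is
# hit shows up as 128+24 = 152). Returns 2 if a limit cannot be set.
run_limited() {
    [ "$#" -ge 1 ] || { echo "usage: run_limited CMD [ARGS...]" >&2; return 2; }
    (
        ulimit -v "$RZ_MAX_VMEM_KB" || exit 2
        ulimit -t "$RZ_MAX_CPU_SEC" || exit 2
        exec "$@"
    )
}

# Report the limits a child actually inherits; run this once to confirm
# the wrapper works before trusting it with untrusted PE files.
show_limits() {
    run_limited sh -c 'printf "vmem_kb=%s cpu_sec=%s\n" "$(ulimit -v)" "$(ulimit -t)"'
}

# When invoked directly with arguments, e.g.:
#   ./rz-limited.sh rizin -A untrusted.exe
if [ "$#" -gt 0 ]; then
    run_limited "$@"
fi
```

Because the CPU limit is enforced by the kernel rather than by rizin, a crafted PE that drives the parser into uncontrolled work is terminated after RZ_MAX_CPU_SEC seconds of CPU regardless of where in the parsing code the loop occurs; the non-zero exit status is also a convenient signal to log for the detection indicators below.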

🧯 If You Can't Patch

  • Isolate rizin usage to dedicated systems with limited resources
  • Implement strict file validation before feeding PE files to rizin

🔍 How to Verify

Check if Vulnerable:

Run 'rizin --version' and check if version is below v0.6.3. If version is unknown, assume vulnerable.

Check Version:

rizin --version

Verify Fix Applied:

Run 'rizin --version' and confirm version is v0.6.3 or higher. Test with known problematic PE files if available.

📡 Detection & Monitoring

Log Indicators:

  • Rizin process crashes with segmentation faults
  • High CPU/memory usage by rizin processes
  • Repeated rizin process restarts

Network Indicators:

  • None - this is a local file parsing vulnerability

SIEM Query:

Process:Name='rizin' AND (EventID=1000 OR EventID=1001) OR Process:Name='rizin' AND ResourceUsage:CPU>90%
