CVE-2023-27590: 
NixOS vulnerability analysis and mitigation

Rizin, a UNIX-like reverse engineering framework and command-line toolset, was found to contain a stack-based buffer overflow vulnerability (CVE-2023-27590) in version 0.5.1 and prior. The vulnerability occurs when converting a GDB registers profile file into a Rizin register profile, specifically when the 'name', 'type', or 'groups' fields contain values longer than expected (GitHub Advisory).

The vulnerability is classified as a stack-based buffer overflow (CWE-121) with a CVSS v3.1 Base Score of 7.8 (HIGH). The attack vector is Local (AV:L), with Low attack complexity (AC:L), requiring no privileges (PR:N) but user interaction (UI:R). The scope is unchanged (S:U) with High impact on confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD).

If successfully exploited, this vulnerability could allow an attacker to cause a buffer overflow when processing GDB register profile files, potentially leading to arbitrary code execution. The vulnerability affects users who open untrusted GDB registers files using the 'drpg' or 'arpg' commands (GitHub Advisory).

The vulnerability has been patched in version 0.5.2. Users are advised to upgrade to this version or later. As a workaround, users should review GDB register profiles before loading them with 'drpg'/'arpg' commands. The fix was implemented in commit d6196703d89c84467b600ba2692534579dc25ed4 (GitHub Advisory).