radare2: CVE-2017-15931

Debian Bug report logs - #880025
radare2: CVE-2017-15931


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 28 Oct 2017 15:33:05 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version radare2/2.0.0+dfsg-1

Fixed in version radare2/2.1.0+dfsg-1

Done: Sebastian Reichel <sre@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/radare/radare2/issues/8731



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Sebastian Reichel <sre@debian.org>:
Bug#880025; Package src:radare2. (Sat, 28 Oct 2017 15:33:08 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Sebastian Reichel <sre@debian.org>. (Sat, 28 Oct 2017 15:33:08 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: radare2: CVE-2017-15931
Date: Sat, 28 Oct 2017 17:32:34 +0200
Source: radare2
Version: 2.0.0+dfsg-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/radare/radare2/issues/8731

Hi,

the following vulnerability was published for radare2.

CVE-2017-15931[0]:
| In radare2 2.0.1, an integer exception (negative number leading to an
| invalid memory access) exists in store_versioninfo_gnu_verneed() in
| libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15931
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15931
[1] https://github.com/radare/radare2/issues/8731
[2] https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Thu, 02 Nov 2017 17:39:06 GMT).


Reply sent to Sebastian Reichel <sre@debian.org>:
You have taken responsibility. (Tue, 28 Nov 2017 12:03:18 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 28 Nov 2017 12:03:18 GMT).


Message #12 received at 880025-close@bugs.debian.org:

From: Sebastian Reichel <sre@debian.org>
To: 880025-close@bugs.debian.org
Subject: Bug#880025: fixed in radare2 2.1.0+dfsg-1
Date: Tue, 28 Nov 2017 12:00:14 +0000
Source: radare2
Source-Version: 2.1.0+dfsg-1

We believe that the bug you reported is fixed in the latest version of
radare2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 880025@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Reichel <sre@debian.org> (supplier of updated radare2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 27 Nov 2017 16:14:43 +0100
Source: radare2
Binary: radare2 libradare2-2.1 libradare2-dev libradare2-common
Architecture: source amd64 all
Version: 2.1.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Sebastian Reichel <sre@debian.org>
Changed-By: Sebastian Reichel <sre@debian.org>
Description:
 libradare2-2.1 - libraries from the radare2 suite
 libradare2-common - arch independent files from the radare2 suite
 libradare2-dev - devel files from the radare2 suite
 radare2    - free and advanced command line hexadecimal editor
Closes: 878767 879119 880024 880025 880616 880619 880620 882134
Changes:
 radare2 (2.1.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream release
    - Fix for CVE-2017-15368 (Closes: #878767)
      The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0
      allows remote attackers to cause a denial of service (stack-based
      buffer over-read and application crash) or possibly have unspecified
      other impact via a crafted WASM file that triggers an incorrect
      r_hex_bin2str call.
    - Fix for CVE-2017-15385 (Closes: #879119)
      The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c
      in radare2 2.0.0 allows remote attackers to cause a denial of service
      (r_read_le16 invalid write and application crash) or possibly have
      unspecified other impact via a crafted ELF file.
    - Fix for CVE-2017-15932 (Closes: #880024)
      In radare2 2.0.1, an integer exception (negative number leading to an
      invalid memory access) exists in store_versioninfo_gnu_verdef() in
      libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF
      version on 32bit systems.
    - Fix for CVE-2017-15931 (Closes: #880025)
      In radare2 2.0.1, an integer exception (negative number leading to an
      invalid memory access) exists in store_versioninfo_gnu_verneed() in
      libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.
    - Fix for CVE-2017-16359 (Closes: #880616)
      In radare 2.0.1, a pointer wraparound vulnerability exists in
      store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.
    - Fix for CVE-2017-16358 (Closes: #880619)
      In radare 2.0.1, an out-of-bounds read vulnerability exists in
      string_scan_range() in libr/bin/bin.c when doing a string search.
    - Fix for CVE-2017-16357 (Closes: #880620)
      In radare 2.0.1, a memory corruption vulnerability exists in
      store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in
      libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This
      error is due to improper sh_size validation when allocating memory.
    - Fix for CVE-2017-16805 (Closes: #882134)
      In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a
      denial of service (invalid read and application crash) via a crafted
      ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and
      sdb_set_internal in shlr/sdb/src/sdb.c.
   * Update Debian Standards Version to 4.1.1

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 Dec 2017 07:26:22 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:44:24 2019; Machine Name: beach
