Published: 27/10/2017 Updated: 02/11/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems.

Vulnerable Product	Search on Vulmon	Subscribe to Product
radare radare2 2.0.1

Debian Bug report logs - #880025 radare2: CVE-2017-15931 Package: src:radare2; Maintainer for src:radare2 is Debian Security Tools <team+pkg-security@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 28 Oct 2017 15:33:05 UTC Severity: important Tags: fixed-upstream, patch, security ...

Debian Bug report logs - #880619 radare2: CVE-2017-16358 Package: src:radare2; Maintainer for src:radare2 is Debian Security Tools <team+pkg-security@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 2 Nov 2017 20:06:02 UTC Severity: important Tags: fixed-upstream, patch, security ...

Debian Bug report logs - #880620 radare2: CVE-2017-16357 Package: src:radare2; Maintainer for src:radare2 is Debian Security Tools <team+pkg-security@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 2 Nov 2017 20:27:02 UTC Severity: important Tags: fixed-upstream, patch, security ...

Debian Bug report logs - #882134 radare2: CVE-2017-16805 Package: src:radare2; Maintainer for src:radare2 is Debian Security Tools <team+pkg-security@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 19 Nov 2017 14:12:11 UTC Severity: important Tags: fixed-upstream, patch, security ...

Debian Bug report logs - #878767 radare2: CVE-2017-15368: Stack buffer overflow in r_hex_bin2str() Package: src:radare2; Maintainer for src:radare2 is Debian Security Tools <team+pkg-security@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 16 Oct 2017 15:24:01 UTC Severity: impor ...

Debian Bug report logs - #879119 radare2: CVE-2017-15385 Package: src:radare2; Maintainer for src:radare2 is Debian Security Tools <team+pkg-security@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 19 Oct 2017 16:54:01 UTC Severity: important Tags: fixed-upstream, patch, security ...

Debian Bug report logs - #880616 radare2: CVE-2017-16359 Package: src:radare2; Maintainer for src:radare2 is Debian Security Tools <team+pkg-security@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 2 Nov 2017 19:51:01 UTC Severity: important Tags: fixed-upstream, patch, security ...

Debian Bug report logs - #880024 radare2: CVE-2017-15932 Package: src:radare2; Maintainer for src:radare2 is Debian Security Tools <team+pkg-security@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 28 Oct 2017 15:33:02 UTC Severity: important Tags: fixed-upstream, patch, security ...

CWE-125 https://github.com/radare/radare2/issues/8743 https://github.com/radare/radare2/commit/44ded3ff35b8264f54b5a900cab32ec489d9e5b9 http://www.securityfocus.com/bid/101614 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880025

Get Started

CVE-2017-15932

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect