Published: 13/11/2017 Updated: 29/11/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

In radare2 2.0.1, libr/bin/dwarf.c allows remote malicious users to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
radare radare2 2.0.1

Debian Bug report logs - #880025 radare2: CVE-2017-15931 Package: src:radare2; Maintainer for src:radare2 is Debian Security Tools <team+pkg-security@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 28 Oct 2017 15:33:05 UTC Severity: important Tags: fixed-upstream, patch, security ...

Debian Bug report logs - #880619 radare2: CVE-2017-16358 Package: src:radare2; Maintainer for src:radare2 is Debian Security Tools <team+pkg-security@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 2 Nov 2017 20:06:02 UTC Severity: important Tags: fixed-upstream, patch, security ...

Debian Bug report logs - #880620 radare2: CVE-2017-16357 Package: src:radare2; Maintainer for src:radare2 is Debian Security Tools <team+pkg-security@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 2 Nov 2017 20:27:02 UTC Severity: important Tags: fixed-upstream, patch, security ...

Debian Bug report logs - #882134 radare2: CVE-2017-16805 Package: src:radare2; Maintainer for src:radare2 is Debian Security Tools <team+pkg-security@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 19 Nov 2017 14:12:11 UTC Severity: important Tags: fixed-upstream, patch, security ...

Debian Bug report logs - #878767 radare2: CVE-2017-15368: Stack buffer overflow in r_hex_bin2str() Package: src:radare2; Maintainer for src:radare2 is Debian Security Tools <team+pkg-security@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 16 Oct 2017 15:24:01 UTC Severity: impor ...

Debian Bug report logs - #879119 radare2: CVE-2017-15385 Package: src:radare2; Maintainer for src:radare2 is Debian Security Tools <team+pkg-security@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 19 Oct 2017 16:54:01 UTC Severity: important Tags: fixed-upstream, patch, security ...

Debian Bug report logs - #880616 radare2: CVE-2017-16359 Package: src:radare2; Maintainer for src:radare2 is Debian Security Tools <team+pkg-security@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 2 Nov 2017 19:51:01 UTC Severity: important Tags: fixed-upstream, patch, security ...

Debian Bug report logs - #880024 radare2: CVE-2017-15932 Package: src:radare2; Maintainer for src:radare2 is Debian Security Tools <team+pkg-security@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 28 Oct 2017 15:33:02 UTC Severity: important Tags: fixed-upstream, patch, security ...

CWE-125 https://github.com/radare/radare2/issues/8813 https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880025

Get Started

CVE-2017-16805

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect