The r_strbuf_fini() function in radare2 2.5.0 allows remote malicious users to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
radare radare2 2.5.0 |
Vulmon