radare2 up to and including 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
radare radare2 |
||
fedoraproject fedora 30 |
||
fedoraproject fedora 31 |