Multiple vulnerabilities in Radare radare2
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2017-6194 CVE-2017-6448 CVE-2017-6319 CVE-2017-6387 CVE-2017-6415 CVE-2017-6197 |
| CWE-ID | CWE-122 CWE-121 CWE-119 CWE-125 CWE-476 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
radare2 Universal components / Libraries / Software for developers |
| Vendor | Radare |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU39296
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-6194
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1. A remote attacker can use a crafted binary file. to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsradare2: 1.2.1
CPE2.3 External linkshttps://www.securityfocus.com/bid/97299
https://github.com/radare/radare2/commit/72794dc3523bbd5bb370de3c5857cb736c387e18
https://github.com/radare/radare2/issues/6829
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Stack-based buffer overflow
EUVDB-ID: #VU39297
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-6448
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the dalvik_disassemble function in libr/asm/p/asm_dalvik.c when processing a crafted DEX file. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsradare2: 1.2.1
CPE2.3 External linkshttps://www.securityfocus.com/bid/97313
https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257
https://github.com/radare/radare2/issues/6885
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU39591
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-6319
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.
MitigationInstall update from vendor's website.
Vulnerable software versionsradare2: 1.2.1
CPE2.3 External linkshttps://www.securityfocus.com/bid/96520
https://github.com/radare/radare2/commit/ad55822430a03fe075221b543efb434567e9e431
https://github.com/radare/radare2/issues/6836
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU39592
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-6387
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file.
MitigationInstall update from vendor's website.
Vulnerable software versionsradare2: 1.2.1
CPE2.3 External linkshttps://www.securityfocus.com/bid/96521
https://github.com/radare/radare2/commit/ead645853a63bf83d8386702cad0cf23b31d7eeb
https://github.com/radare/radare2/issues/6857
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU39593
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-6415
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted DEX file.
MitigationInstall update from vendor's website.
Vulnerable software versionsradare2: 1.2.1
CPE2.3 External linkshttps://www.securityfocus.com/bid/96523
https://github.com/radare/radare2/commit/252afb1cff9676f3ae1f341a28448bf2c8b6e308
https://github.com/radare/radare2/issues/6872
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU39625
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-6197
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted binary file, as demonstrated by the r_read_le32 function.
MitigationInstall update from vendor's website.
Vulnerable software versionsradare2: 1.2.1
CPE2.3 External linkshttps://www.securityfocus.com/bid/96433
https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989
https://github.com/radare/radare2/issues/6816
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
