Multiple vulnerabilities in Radare radare2

Published: 2017-03-27 | Updated: 2021-01-25

Risk	Medium
Patch available	YES
Number of vulnerabilities	4
CVE-ID	CVE-2017-7946 CVE-2017-7854 CVE-2017-7716 CVE-2017-7274
CWE-ID	CWE-416 CWE-125 CWE-476
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	radare2 Universal components / Libraries / Software for developers
Vendor	Radare

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU39175

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-7946

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing a crafted Mach0 file. A remote attackers can cause a denial of service (use-after-free and application crash).

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

radare2: 1.3.0

CPE2.3

cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*

External links

https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92
https://github.com/radare/radare2/issues/7301

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU39191

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-7854

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in The consume_init_expr function in wasm.c in radare2 1.3.0. A remote attacker can perform a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.

Mitigation

Install update from vendor's website.

Vulnerable software versions

radare2: 1.3.0

CPE2.3

cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*

External links

https://www.securityfocus.com/bid/97648
https://github.com/radare/radare2/commit/d2632f6483a3ceb5d8e0a5fb11142c51c43978b4
https://github.com/radare/radare2/issues/7265

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU39206

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-7716

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0. A remote attacker can perform a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.

Mitigation

Install update from vendor's website.

Vulnerable software versions

radare2: 1.3.0

CPE2.3