SB2022081922 - Multiple vulnerabilities in Radare2
Published: August 19, 2022 Updated: August 21, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Off-by-one (CVE-ID: CVE-2020-27793)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error in core_java.c. A remote attacker can trigger an off-by-one error and crash the application.
2) Double Free (CVE-ID: CVE-2020-27794)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in cmd_info.c:cmd_info(). A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Use of uninitialized resource (CVE-ID: CVE-2020-27795)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of uninitialized resources in libr/core/cmd_anal.c, when command "adf" has no or wrong argument. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://github.com/radareorg/radare2/commit/ced0223c7a1b3b5344af315715cd28fe7c0d9ebc
- https://github.com/radareorg/radare2/issues/16304
- https://github.com/radareorg/radare2/issues/16303
- https://github.com/radareorg/radare2/commit/cb8b683758edddae2d2f62e8e63a738c39f92683
- https://github.com/radareorg/radare2/commit/4d3811681a80f92a53e795f6a64c4b0fc2c8dd22
- https://github.com/radareorg/radare2/pull/16230
- https://github.com/radareorg/radare2/issues/16215