#VU38064 Buffer overflow in radare2 - CVE-2017-15385

Cybersecurity Help s.r.o.

Published: 2017-10-17 | Updated: 2020-08-08

Vulnerability identifier: #VU38064

Vulnerability risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-15385

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
radare2
Universal components / Libraries / Software for developers

Vendor: Radare

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or possibly have unspecified other impact via a crafted ELF file.

Mitigation
Install update from vendor's website.

Vulnerable software versions

radare2: 2.0.0

External links
https://github.com/radare/radare2/commit/21a6f570ba33fa9f52f1bba87f07acc4e8c178f4
https://github.com/radare/radare2/issues/8685

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Radare radare2