SB2017022406 - Multiple vulnerabilities in Radare radare2
Published: February 24, 2017 Updated: January 25, 2021
Description
This security bulletin contains information about 6 security vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2017-6194)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1. A remote attacker can use a crafted binary file to trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
2) Stack-based buffer overflow (CVE-ID: CVE-2017-6448)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the dalvik_disassemble function in libr/asm/p/asm_dalvik.c when processing a crafted DEX file. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Buffer overflow (CVE-ID: CVE-2017-6319)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.
4) Out-of-bounds read (CVE-ID: CVE-2017-6387)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file.
5) NULL pointer dereference (CVE-ID: CVE-2017-6415)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted DEX file.
6) NULL pointer dereference (CVE-ID: CVE-2017-6197)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted binary file, as demonstrated by the r_read_le32 function.
Remediation
Install the update from the vendor's website.
References
- http://www.securityfocus.com/bid/97299
- https://github.com/radare/radare2/commit/72794dc3523bbd5bb370de3c5857cb736c387e18
- https://github.com/radare/radare2/issues/6829
- http://www.securityfocus.com/bid/97313
- https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257
- https://github.com/radare/radare2/issues/6885
- http://www.securityfocus.com/bid/96520
- https://github.com/radare/radare2/commit/ad55822430a03fe075221b543efb434567e9e431
- https://github.com/radare/radare2/issues/6836
- http://www.securityfocus.com/bid/96521
- https://github.com/radare/radare2/commit/ead645853a63bf83d8386702cad0cf23b31d7eeb
- https://github.com/radare/radare2/issues/6857
- http://www.securityfocus.com/bid/96523
- https://github.com/radare/radare2/commit/252afb1cff9676f3ae1f341a28448bf2c8b6e308
- https://github.com/radare/radare2/issues/6872
- http://www.securityfocus.com/bid/96433
- https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989
- https://github.com/radare/radare2/issues/6816