List: oss-security
Subject: [oss-security] multiple vulnerabilities in radare2
From: Dimitrios Glynos <dimitris () census-labs ! com>
Date: 2022-05-25 10:46:21
Message-ID: 060f9c47-1f5d-d2f2-1bb6-6cc8ec0afc6a () census-labs ! com

Hello all,

Angelos T. Kalaitzidis of CENSUS had identified three vulnerabilities in radare2:

- A null pointer dereference bug (CVE-2022-0419, fixed in version 5.6.0)
- A heap buffer overflow bug (CVE-2021-44975, fixed in version 5.6.0)
- A null pointer dereference bug (CVE-2021-44974, fixed in version 5.5.4)

They're all triggerable by having radare2 process a crafted binary.

There's more information about these issues here:
https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/

We're mostly sending this for CVE-to-patch coordination purposes for distros,
as the issues have been addressed some time ago (back in February)
by the upstream project.

Kind regards,

Dimitris