CVE-2019-12802Use After Free in Radare2

CWE-416Use After FreeCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.5%
top 35.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian Radare2Radare Radare2Fedoraproject Fedora
Timeline
PublishedJun 13
Latest updateMay 24

Description

In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

debiandebian/radare2< radare2 3.8.0+dfsg-1 (sid)
NVDradare/radare23.5.1

Also affects: Fedora 29, 30

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-hvf9-qhxq-6pcq: In radare2 through 32022-05-24
OSV
CVE-2019-12802: In radare2 through 32019-06-13

📋Vendor Advisories

1
Debian
CVE-2019-12802: radare2 - In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishan...2019

💬Community

3
Bugzilla
CVE-2019-12802 radare2: denial of service in function rcc_context in /libr/egg/egg_lang.c [fedora-all]2019-06-21
Bugzilla
CVE-2019-12802 radare2: denial of service in function rcc_context in /libr/egg/egg_lang.c [epel-7]2019-06-21
Bugzilla
CVE-2019-12802 radare2: denial of service in function rcc_context in /libr/egg/egg_lang.c2019-06-21