CVE-2019-19590Integer Overflow or Wraparound in Radare2

CWE-190Integer Overflow or WraparoundCWE-416Use After Free7 documents5 sources
Severity
7.8HIGHNVD
EPSS
3.1%
top 13.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Radare2Radare Radare2
Timeline
PublishedDec 5
Latest updateMay 24

Description

In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

debiandebian/radare2< radare2 4.2.1+dfsg-1 (sid)
NVDradare/radare24.0.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-67rp-x49w-2277: In radare2 through 42022-05-24
OSV
CVE-2019-19590: In radare2 through 42019-12-05

📋Vendor Advisories

1
Debian
CVE-2019-19590: radare2 - In radare2 through 4.0, there is an integer overflow for the variable new_token_...2019

💬Community

3
Bugzilla
CVE-2019-19590 radare2: integer overflow in for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c [fedora-all]2020-01-27
Bugzilla
CVE-2019-19590 radare2: integer overflow in for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c2020-01-27
Bugzilla
CVE-2019-19590 radare2: integer overflow in for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c [epel-7]2020-01-27