CVE-2020-16269 — Improper Input Validation in Radare2

CWE-20 — Improper Input Validation7 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 41.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Radare2 Fedoraproject Fedora Radare Radare2

Timeline

PublishedAug 3

Latest updateMay 24

Description

radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶debiandebian/radare2< radare2 5.0.0+dfsg-1 (sid)

▶NVDradare/radare24.5.0

Also affects: Fedora 32, 33

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-32pf-q5pw-hg4f: radare2 4↗2022-05-24

▶

OSV

CVE-2020-16269: radare2 4↗2020-08-03

▶

📋Vendor Advisories

Debian

CVE-2020-16269: radare2 - radare2 4.5.0 misparses DWARF information in executable files, causing a segment...↗2020

▶

💬Community

Bugzilla

CVE-2020-16269 radare2: segmentation fault in parse_typedef function in type_dwarf.c via a malformed DW_AT_name in the .debug_info section [epel-all]↗2020-08-03

▶

Bugzilla

CVE-2020-16269 radare2: segmentation fault in parse_typedef function in type_dwarf.c via a malformed DW_AT_name in the .debug_info section↗2020-08-03

▶

Bugzilla

CVE-2020-16269 radare2: segmentation fault in parse_typedef function in type_dwarf.c via a malformed DW_AT_name in the .debug_info section [fedora-all]↗2020-08-03

▶