CVE-2020-17487Radare2 vulnerability

7 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 33.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian Radare2Fedoraproject FedoraRadare Radare2
Timeline
PublishedAug 11
Latest updateMay 24

Description

radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

debiandebian/radare2< radare2 5.0.0+dfsg-1 (sid)
NVDradare/radare24.5.0

Also affects: Fedora 32, 33

🔴Vulnerability Details

2
GHSA
GHSA-m3m4-q36r-mrf5: radare2 42022-05-24
OSV
CVE-2020-17487: radare2 42020-08-11

📋Vendor Advisories

1
Debian
CVE-2020-17487: radare2 - radare2 4.5.0 misparses signature information in PE files, causing a segmentatio...2020

💬Community

3
Bugzilla
CVE-2020-17487 radare2: misparsing signature information in PE files could lead to DoS [epel-all]2020-08-18
Bugzilla
CVE-2020-17487 radare2: misparsing signature information in PE files could lead to DoS2020-08-18
Bugzilla
CVE-2020-17487 radare2: misparsing signature information in PE files could lead to DoS [fedora-all]2020-08-18