Debian Radare2 vulnerabilities

CVE-2017-16359 [MEDIUM] CVE-2017-16359: radare2 - In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_... In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c. Scope: local sid: resolved (fixed in 2.1.0+dfsg-1)

CVE-2017-6415 [MEDIUM] CVE-2017-6415: radare2 - The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allow... The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file. Scope: local sid: resolved (fixed in 1.1.0+dfsg-3)

CVE-2017-6387 [MEDIUM] CVE-2017-6387: radare2 - The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote... The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file. Scope: local sid: resolved (fixed in 1.1.0+dfsg-3)

CVE-2017-16805 [MEDIUM] CVE-2017-16805: radare2 - In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of ... In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c. Scope: local sid: resolved (fixed in 2.1.0+dfsg-1)

CVE-2017-7854 [MEDIUM] CVE-2017-7854: radare2 - The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attacker... The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. Scope: local sid: resolved

CVE-2017-9761 [MEDIUM] CVE-2017-9761: radare2 - The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attacker... The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. Scope: local sid: resolved (fixed in 1.6.0+dfsg-1)

CVE-2017-7946 [MEDIUM] CVE-2017-7946: radare2 - The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 all... The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file. Scope: local sid: resolved (fixed in 1.1.0+dfsg-5)

CVE-2017-9520 [MEDIUM] CVE-2017-9520: radare2 - The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote... The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file. Scope: local sid: resolved (fixed in 1.6.0+dfsg-1)

CVE-2017-7716 [MEDIUM] CVE-2017-7716: radare2 - The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remo... The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. Scope: local sid: resolved

CVE-2017-9762 [MEDIUM] CVE-2017-9762: radare2 - The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote att... The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file. Scope: local sid: resolved (fixed in 1.6.0+dfsg-1)

CVE-2017-7274 [MEDIUM] CVE-2017-7274: radare2 - The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows re... The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file. Scope: local sid: resolved

CVE-2017-9763 [HIGH] CVE-2017-9763: grub2 - The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as... The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array. Scope: local bookworm: resolved (fixed in 2.02~beta2-8) bullseye: resolved

CVE-2017-10929 [HIGH] CVE-2017-10929: radare2 - The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remot... The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02. Scope: local sid

CVE-2015-2305 [MEDIUM] CVE-2015-2305: alpine - Integer overflow in the regcomp implementation in the Henry Spencer BSD regex li... Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. Scope: local bookworm: resolved bullseye: