CVE-2017-16357

Опубликовано: 01 нояб. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.

Ссылки

https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a
Issue Tracking
Patch
Third Party Advisory
https://github.com/radare/radare2/issues/8742
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a
Issue Tracking
Patch
Third Party Advisory
https://github.com/radare/radare2/issues/8742
Exploit
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00215

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2017-16357

CVSS3: 7.8

ubuntu

больше 8 лет назад

CVE-2017-16357

CVSS3: 7.8

debian

больше 8 лет назад

In radare 2.0.1, a memory corruption vulnerability exists in store_ver ...

GHSA-v5w7-wrm9-wj54

CVSS3: 7.8

github

больше 3 лет назад

EPSS

Процентиль: 44%

0.00215

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-119