AVG-709 log

Package radare2
Status Fixed
Severity High
Type multiple issues
Affected 2.5.0-1
Fixed 2.6.0-1
Current 4.0.0-1 [community]
Ticket None
Created Tue May 22 21:15:05 2018
Issue Severity Remote Type Description
CVE-2018-11384 Medium Yes Denial of service
The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a...
CVE-2018-11383 Medium Yes Denial of service
The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF...
CVE-2018-11382 Medium Yes Denial of service
The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a...
CVE-2018-11381 Medium Yes Denial of service
The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash)...
CVE-2018-11380 Medium Yes Denial of service
The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash)...
CVE-2018-11379 Medium Yes Denial of service
The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash)...
CVE-2018-11378 High Yes Arbitrary code execution
The wasm_dis() function in libr/asm/arch/wasm/wasm.c has a stack- buffer overflow that may result in denial-of-service or possibly have unspecified other...
CVE-2018-11377 Medium Yes Denial of service
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash)...
CVE-2018-11376 Medium Yes Denial of service
The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a...
CVE-2018-11375 Medium Yes Denial of service
The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a...
Date Advisory Package Description
05 Jun 2018 ASA-201806-2 radare2 multiple issues