radare2

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Open-source tools to disasm, debug, analyze and manipulate binary files
Version 4.0.0-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-709 2.5.0-1 2.6.0-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2018-11384 AVG-709 Medium Yes Denial of service
The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a...
CVE-2018-11383 AVG-709 Medium Yes Denial of service
The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF...
CVE-2018-11382 AVG-709 Medium Yes Denial of service
The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a...
CVE-2018-11381 AVG-709 Medium Yes Denial of service
The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash)...
CVE-2018-11380 AVG-709 Medium Yes Denial of service
The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash)...
CVE-2018-11379 AVG-709 Medium Yes Denial of service
The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash)...
CVE-2018-11378 AVG-709 High Yes Arbitrary code execution
The wasm_dis() function in libr/asm/arch/wasm/wasm.c has a stack- buffer overflow that may result in denial-of-service or possibly have unspecified other...
CVE-2018-11377 AVG-709 Medium Yes Denial of service
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash)...
CVE-2018-11376 AVG-709 Medium Yes Denial of service
The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a...
CVE-2018-11375 AVG-709 Medium Yes Denial of service
The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a...

Advisories

Date Advisory Group Severity Description
05 Jun 2018 ASA-201806-2 AVG-709 High multiple issues