oss-sec mailing list archives
multiple vulnerabilities in radare2
From: Dimitrios Glynos <dimitris () census-labs com>
Date: Wed, 25 May 2022 13:46:21 +0300
Hello all,

Angelos T. Kalaitzidis of CENSUS had identified three vulnerabilities in radare2:

- A null pointer dereference bug (CVE-2022-0419, fixed in version 5.6.0)
- A heap buffer overflow bug (CVE-2021-44975, fixed in version 5.6.0)
- A null pointer dereference bug (CVE-2021-44974, fixed in version 5.5.4)

They're all triggerable by having radare2 process a crafted binary.

There's more information about these issues here:
https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/

We're mostly sending this for CVE-to-patch coordination purposes for distros, as the issues have been addressed some time ago (back in February) by the upstream project.

Kind regards,
Dimitris