CVE-2017-15385

Name of the Vulnerable Software and Affected Versions radare2 version 2.0.0

Description The issue allows remote attackers to cause a denial of service, resulting in an application crash, or possibly have other unspecified impacts through a crafted ELF file. This is due to an invalid write in the r read le16 function when handling a maliciously crafted file.

Recommendations For radare2 version 2.0.0, consider avoiding the use of the store versioninfo gnu verdef function in libr/bin/format/elf/elf.c until a patch is available. As a temporary workaround, restrict the processing of untrusted ELF files to minimize the risk of exploitation.