PT-2017-17053 · Radare2 · Radare2
H4Ng3R
·
Publicado
2017-03-02
·
Atualizado
2020-10-15
·
CVE-2017-6415
CVSS v3.1
5.5
Média
| Vetor | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
radare2 version 1.2.1
Description
The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via a crafted DEX file. This is due to a problem in the dex parse debug item function in libr/bin/p/bin dex.c.
Recommendations
For radare2 version 1.2.1, consider avoiding the use of the dex parse debug item function until a patch is available. As a temporary workaround, restrict the processing of crafted DEX files to minimize the risk of exploitation.
Correção
NULL Pointer Dereference
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Radare2