CVE-2018-8809

Name of the Vulnerable Software and Affected Versions radare2 version 2.4.0

Description The issue is a heap-based buffer over-read in the dalvik op function of anal dalvik.c. This could allow remote attackers to cause a denial of service by providing a crafted dex file.

Recommendations For radare2 version 2.4.0, consider avoiding the use of crafted dex files until a patch is available. As a temporary workaround, restrict access to the dalvik op function in anal dalvik.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.