PT-2018-12279 · Radare2+1
Macromachine · Published 2018-07-12 · Updated 2025-03-18 · CVE-2018-14015
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
radare2 version 2.7.0
Description
The issue is a denial of service caused by an invalid read and application crash. It occurs when a crafted ELF file is processed, due to missing input validation in the r_bin_dwarf_parse_comp_unit function in libr/bin/dwarf.c, which is called by the sdb_set_internal function in sdb.c.
Recommendations
For radare2 version 2.7.0, consider restricting the use of the sdb_set_internal function until a patch is available, or avoid processing untrusted ELF files to minimize the risk of exploitation.
Exploit
Fix
DoS
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Radare2