CVE-2018-20459

Name of the Vulnerable Software and Affected Versions radare2 versions prior to 3.1.4

Description The issue allows attackers to cause a denial-of-service by crafting an arm assembly input, leading to an application crash due to an out-of-bounds read. This is caused by a loop using an incorrect index and missing length validation.

Recommendations For versions prior to 3.1.4, update to version 3.1.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the armass assemble function in libr/asm/arch/arm/armass.c until a patch is available. Avoid using crafted arm assembly inputs that could trigger the out-of-bounds read.