PT-2020-14858 · Radare2+1 · Radare2+1

Architect

Published

2020-08-03

Updated

2021-07-21

CVE-2020-16269

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions radare2 version 4.5.0

Description The issue is related to the misparsing of DWARF information in executable files, which causes a segmentation fault in the parse typedef function in type dwarf.c. This occurs due to a malformed DW AT name in the .debug info section.

Recommendations For radare2 version 4.5.0, as a temporary workaround, consider disabling the parse typedef function in type dwarf.c to prevent the segmentation fault until a patch is available. Restrict access to malformed executable files to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2020-2739

CVE-2020-16269

MGASA-2021-0160

Affected Products

Alt Linux

Radare2

PT-2020-14858 · Radare2+1 · Radare2+1

CVE-2020-16269

Related Identifiers

Affected Products

References · 17