PT-2020-15022 · Radare2+1 · Radare2+1

Architect

Published

2020-08-11

Updated

2021-03-30

CVE-2020-17487

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions radare2 version 4.5.0

Description The issue is caused by radare2 misparsing signature information in PE files, leading to a segmentation fault in the r x509 parse algorithmidentifier function in libr/util/x509.c. This occurs due to a malformed object identifier in IMAGE DIRECTORY ENTRY SECURITY.

Recommendations For radare2 version 4.5.0, consider disabling the r x509 parse algorithmidentifier function as a temporary workaround until a patch is available. Restrict access to the libr/util/x509.c module to minimize the risk of exploitation. Avoid processing PE files with malformed object identifiers in IMAGE DIRECTORY ENTRY SECURITY until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2020-2739

CVE-2020-17487

MGASA-2021-0160

Affected Products

Alt Linux

Radare2

PT-2020-15022 · Radare2+1 · Radare2+1

CVE-2020-17487

Related Identifiers

Affected Products

References · 17