PT-2023-30291 · Radare2+1 · Radare2+1

Gandalf4A

Published

2023-11-22

Updated

2024-10-11

CVE-2023-47016

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions radare2 version 5.8.9

Description The issue is an out-of-bounds read in the r bin object set items function located in libr/bin/bobj.c, which causes a crash in the r read le32 function in libr/include/r endian.h.

Recommendations For radare2 version 5.8.9, consider restricting access to the r bin object set items function until a patch is available. As a temporary workaround, avoid using the r read le32 function in libr/include/r endian.h to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2024-4821

ALT-PU-2024-6421

ALT-PU-2024-6763

CVE-2023-47016

MGASA-2024-0298

Affected Products

Alt Linux

Radare2

PT-2023-30291 · Radare2+1 · Radare2+1

CVE-2023-47016

Weakness Enumeration

Related Identifiers

Affected Products

References · 13