Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 637454 (CVE-2017-16805) - <dev-util/radare2-2.1.0: denial of service vulnerability in dwarf.c
Summary: <dev-util/radare2-2.1.0: denial of service vulnerability in dwarf.c
Status: RESOLVED FIXED
Alias: CVE-2017-16805
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Low trivial (vote)
Assignee: Gentoo Security
URL: https://github.com/radare/radare2/iss...
Whiteboard: ~3 [noglsa cve]
Keywords:
Depends on:
Blocks: CVE-2017-16357, CVE-2017-16358, CVE-2017-16359
  Show dependency tree
 
Reported: 2017-11-14 06:52 UTC by D'juan McDonald (domhnall)
Modified: 2018-06-13 20:27 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description D'juan McDonald (domhnall) 2017-11-14 06:52:07 UTC
CVE-2017-16805(https://nvd.nist.gov/vuln/detail/CVE-2017-16805):
In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.

Upstream Fix: https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d

@maintainer(s), please confirm if vulnerability exists prior to commit e8aa0865, thank you.

Gentoo Security Padawan
(jmbailey/mbailey_j)
Comment 1 Larry the Git Cow gentoo-dev 2017-11-27 22:55:52 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2869d5ce2b00c252852cece926192b8a6fe879d5

commit 2869d5ce2b00c252852cece926192b8a6fe879d5
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2017-11-27 22:55:35 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2017-11-27 22:55:46 +0000

    dev-util/radare2: drop old
    
    Reported-by: Daj' Uan (Jmbailey)
    Reported-by: Aleksandr Wagner (Kivak)
    Bug: https://bugs.gentoo.org/636184
    Bug: https://bugs.gentoo.org/637454
    Package-Manager: Portage-2.3.16, Repoman-2.3.6

 dev-util/radare2/Manifest                          |  1 -
 .../radare2/files/radare2-2.0.1-635618-p1.patch    | 29 -----------
 .../radare2/files/radare2-2.0.1-635618-p2.patch    | 30 -----------
 dev-util/radare2/radare2-2.0.1-r1.ebuild           | 58 ----------------------
 4 files changed, 118 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f317b21403367e54ad982d541cd85aa62a633753

commit f317b21403367e54ad982d541cd85aa62a633753
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2017-11-27 22:54:35 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2017-11-27 22:55:46 +0000

    dev-util/radare2: bump up to 2.1.0
    
    Reported-by: Daj' Uan (Jmbailey)
    Reported-by: Aleksandr Wagner (Kivak)
    Bug: https://bugs.gentoo.org/636184
    Bug: https://bugs.gentoo.org/637454
    Package-Manager: Portage-2.3.16, Repoman-2.3.6

 dev-util/radare2/Manifest             |  3 +-
 dev-util/radare2/radare2-2.1.0.ebuild | 56 +++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 1 deletion(-)}
Comment 2 Larry the Git Cow gentoo-dev 2018-04-10 06:37:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66b305975cdb7550b4111882dcae37d24ad297ca

commit 66b305975cdb7550b4111882dcae37d24ad297ca
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-10 06:37:11 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-10 06:37:48 +0000

    dev-util/radare2: drop old
    
    Bug: https://bugs.gentoo.org/651578
    Bug: https://bugs.gentoo.org/636184
    Bug: https://bugs.gentoo.org/637454
    Package-Manager: Portage-2.3.28, Repoman-2.3.9

 dev-util/radare2/Manifest                |  4 --
 dev-util/radare2/radare2-2.1.0-r1.ebuild | 63 --------------------------------
 dev-util/radare2/radare2-2.1.0-r2.ebuild | 56 ----------------------------
 dev-util/radare2/radare2-2.1.0.ebuild    | 59 ------------------------------
 dev-util/radare2/radare2-2.2.0.ebuild    | 56 ----------------------------
 dev-util/radare2/radare2-2.3.0.ebuild    | 56 ----------------------------
 dev-util/radare2/radare2-2.4.0.ebuild    | 56 ----------------------------
 7 files changed, 350 deletions(-)}