651578 – dev-util/radare2: Multiple vulnerabilities

Bug 651578 - dev-util/radare2: Multiple vulnerabilities

Summary: dev-util/radare2: Multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial
Assignee:	Gentoo Security

URL:
Whiteboard:	~3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2018-03-26 13:35 UTC by GLSAMaker/CVETool Bot
Modified:	2018-06-22 03:19 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2018-03-26 13:35:16 UTC

CVE-2018-8810 (https://nvd.nist.gov/vuln/detail/CVE-2018-8810):
  In radare2 2.4.0, there is a heap-based buffer over-read in the
  get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage
  this vulnerability to cause a denial of service via a crafted Mach-O file.

CVE-2018-8809 (https://nvd.nist.gov/vuln/detail/CVE-2018-8809):
  In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op
  function of anal_dalvik.c. Remote attackers could leverage this
  vulnerability to cause a denial of service via a crafted dex file.

CVE-2018-8808 (https://nvd.nist.gov/vuln/detail/CVE-2018-8808):
  In radare2 2.4.0, there is a heap-based buffer over-read in the
  r_asm_disassemble function of asm.c. Remote attackers could leverage this
  vulnerability to cause a denial of service via a crafted dex file.

Comment 1 Sergei Trofimovich (RETIRED) gentoo-dev

2018-03-27 22:44:52 UTC

Those are fixed upstream as:
- https://github.com/radare/radare2/issues/9725
- https://github.com/radare/radare2/issues/9726
- https://github.com/radare/radare2/issues/9727

Only 2 of 3 patches apply as-is on 2.4.0. Let's give upstream some time (up to this weekend) to cut release before investing time in backporting.

Comment 2 Larry the Git Cow gentoo-dev

2018-04-10 06:38:04 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66b305975cdb7550b4111882dcae37d24ad297ca

commit 66b305975cdb7550b4111882dcae37d24ad297ca
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-10 06:37:11 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-10 06:37:48 +0000

    dev-util/radare2: drop old
    
    Bug: https://bugs.gentoo.org/651578
    Bug: https://bugs.gentoo.org/636184
    Bug: https://bugs.gentoo.org/637454
    Package-Manager: Portage-2.3.28, Repoman-2.3.9

 dev-util/radare2/Manifest                |  4 --
 dev-util/radare2/radare2-2.1.0-r1.ebuild | 63 --------------------------------
 dev-util/radare2/radare2-2.1.0-r2.ebuild | 56 ----------------------------
 dev-util/radare2/radare2-2.1.0.ebuild    | 59 ------------------------------
 dev-util/radare2/radare2-2.2.0.ebuild    | 56 ----------------------------
 dev-util/radare2/radare2-2.3.0.ebuild    | 56 ----------------------------
 dev-util/radare2/radare2-2.4.0.ebuild    | 56 ----------------------------
 7 files changed, 350 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40f69da3a82363c3220215da8a91c9740d7f7071

commit 40f69da3a82363c3220215da8a91c9740d7f7071
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-10 06:35:34 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-10 06:37:47 +0000

    dev-util/radare2: bump up to 2.5.0
    
    Bug: https://bugs.gentoo.org/651578
    Package-Manager: Portage-2.3.28, Repoman-2.3.9

 dev-util/radare2/Manifest             |  1 +
 dev-util/radare2/radare2-2.5.0.ebuild | 56 +++++++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+)}