Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 674014 (CVE-2018-20455, CVE-2018-20456)

Summary: <dev-util/radare2-3.1.1: multiple vulnerabilities
Product: Gentoo Security Reporter: Melissa Mcdonald <melrosemc216599>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: slyfox
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~3 [noglsa cve]
Package list:
Runtime testing required: ---

Description Melissa Mcdonald 2018-12-29 16:34:34 UTC 
https://nvd.nist.gov/vuln/detail/CVE-2018-20455:

In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456.


https://nvd.nist.gov/vuln/detail/CVE-2018-20456:

In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related issue to CVE-2018-20455.

References:

https://github.com/radare/radare2/issues/12373
https://github.com/radare/radare2/issues/12372
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2019-03-24 02:30:48 UTC 
tree is clean