
Bug 735806 (CVE-2020-16269)

Summary: <dev-util/radare2-4.5.1: Denial of service vulnerability (CVE-2020-16269)
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: davidroman96, slyfox
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/radareorg/radare2/issues/17383
See Also: https://bugs.gentoo.org/show_bug.cgi?id=736800
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-08-03 19:11:38 UTC
CVE-2020-16269:

radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section.



Looks like a fix is set for the 4.6.0 milestone. No patch yet.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-02-27 19:55:08 UTC
Patch was included in 4.5.1, and tree is clean. All done!