| Summary: | <dev-util/radare2-5.6.8: multiple vulnerabilities | | |
| --- | --- | --- | --- |
| Product: | Gentoo Security | Reporter: | filip ambroz <filip.ambroz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | davidroman96, proxy-maint |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://github.com/gentoo/gentoo/pull/25155 | | |
| Whiteboard: | ~3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 836001 | | |

Description
filip ambroz
2022-01-12 08:04:51 UTC
[CVE-2022-0139]
This vulnerability is a use-after-free. The bug exists in the latest stable release (radare2-5.5.4).
URL: https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/
Patch: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c

Please bump to 5.6.0: https://github.com/radareorg/radare2/releases/tag/5.6.0

...and then some more:

[CVE-2022-0518]
Heap-based Buffer Overflow in NPM radare2.js prior to 5.6.2.
URL: https://huntr.dev/bounties/10051adf-7ddc-4042-8fd0-8e9e0c5b1184/
Patch: https://github.com/radareorg/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa

[CVE-2022-0519]
Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2.
URL: https://huntr.dev/bounties/af85b9e1-d1cf-4c0e-ba12-525b82b7c1e3/
Patch: https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5

[CVE-2022-0520]
Use After Free in NPM radare2.js prior to 5.6.2.
https://nvd.nist.gov/vuln/detail/CVE-2022-0520
URL: https://huntr.dev/bounties/ce13c371-e5ef-4993-97f3-3d33dcd943a6/
Patch: https://github.com/radareorg/radare2/commit/8525ad0b9fd596f4b251bb3d7b114e6dc7ce1ee8

[CVE-2022-0521]
Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.
URL: https://huntr.dev/bounties/4d436311-bbf1-45a3-8774-bdb666d7f7ca/
Patch: https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5

[CVE-2022-0522]
Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2.
URL: https://huntr.dev/bounties/2d45e589-d614-4875-bba1-be0f729e7ca9/
Patch: https://github.com/radareorg/radare2/commit/d17a7bdf166108a29a27cd89bf454f9fa6c050d6

[CVE-2022-0523]
Expired Pointer Dereference in NPM radare2.js prior to 5.6.2.
URL: https://huntr.dev/bounties/9d8d6ae0-fe00-40b9-ae1e-b0e8103bac69/
Patch: https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269

CVE-2022-0559 (https://github.com/radareorg/radare2/commit/b5cb90b28ec71fda3504da04e3cc94a362807f5e):
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.

CVE-2022-0713 (https://huntr.dev/bounties/d35b3dff-768d-4a09-a742-c18ca8f56d3c):
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.

CVE-2022-0712 (https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7):
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.

CVE-2022-0695 (https://github.com/radareorg/radare2/commit/634b886e84a5c568d243e744becc6b3223e089cf):
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.

CVE-2022-0476 (https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f9f1b):
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.

CVE-2021-4021 (https://github.com/radareorg/radare2/issues/19436):
A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS.

CVE-2022-1283 (https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013):
NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash).

CVE-2022-1284 (https://huntr.dev/bounties/e98ad92c-3a64-48fb-84d4-d13afdbcbdd7):
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.

CVE-2022-1244 (https://huntr.dev/bounties/8ae2c61a-2220-47a5-bfe8-fe6d41ab1f82):
heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.

CVE-2022-1238 (https://huntr.dev/bounties/47422cdf-aad2-4405-a6a1-6f63a3a93200):
Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).

CVE-2022-1237 (https://huntr.dev/bounties/ad3c9c4c-76e7-40c8-bd4a-c095acd8bb40):
Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).

CVE-2022-1240 (https://huntr.dev/bounties/e589bd97-4c74-4e79-93b5-0951a281facc):
Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should execute into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).

All patched upstream.

CVE-2022-1296 (https://github.com/radareorg/radare2/commit/153bcdc29f11cd8c90e7d639a7405450f644ddb6):
Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.

CVE-2022-1297 (https://github.com/radareorg/radare2/commit/0a557045476a2969c7079aec9eeb29d02f2809c6):
Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.

CVE-2022-1382 (https://github.com/radareorg/radare2/commit/48f0ea79f99174fb0a62cb2354e13496ce5b7c44):
https://huntr.dev/bounties/d8b6d239-6d7b-4783-b26b-5be848c01aa1
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system.

CVE-2022-1383 (https://huntr.dev/bounties/02b4b563-b946-4343-9092-38d1c5cd60c9):
https://github.com/radareorg/radare2/commit/1dd65336f0f0c351d6ea853efcf73cf9c0030862
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.8. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.

CVE-2022-1437 (https://github.com/radareorg/radare2/commit/669a404b6d98d5db409a5ebadae4e94b34ef5136):
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.

[CVE-2022-1444]
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service.
URLs:
https://huntr.dev/bounties/b438a940-f8a4-4872-b030-59bdd1ab72aa/
https://github.com/radareorg/radare2/commit/14189710859c27981adb4c2c2aed2863c1859ec5

[CVE-2022-1451]
Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer.
URLs:
https://huntr.dev/bounties/229a2e0d-9e5c-402f-9a24-57fa2eb1aaa7
https://github.com/radareorg/radare2/commit/0927ed3ae99444e7b47b84e43118deb10fe37529

[CVE-2022-1452]
Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer.
URLs:
https://huntr.dev/bounties/c8f4c2de-7d96-4ad4-857a-c099effca2d6
https://github.com/radareorg/radare2/commit/ecc44b6a2f18ee70ac133365de0e509d26d5e168

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=48627ba2203445afedb3eb0e99c24cf931896f1e

commit 48627ba2203445afedb3eb0e99c24cf931896f1e
Author: David Roman <davidroman96@gmail.com>
AuthorDate: 2022-04-22 10:45:36 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-04-25 06:56:56 +0000

    dev-util/radare2: verbump to 5.6.8

    Bug: https://bugs.gentoo.org/831057
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: David Roman <davidroman96@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/25155
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-util/radare2/Manifest | 3 +
 dev-util/radare2/files/CVE-2022-1437.patch | 72 +++++++++++++++++++
 dev-util/radare2/radare2-5.6.8.ebuild | 109 +++++++++++++++++++++++++++++
 3 files changed, 184 insertions(+)

Thanks! Please cleanup.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=12dee7b9dcd337b5bd8014904dedda597122049b

commit 12dee7b9dcd337b5bd8014904dedda597122049b
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2022-04-26 05:49:50 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-04-26 05:49:50 +0000

    dev-util/radare2: drop 5.5.4

    Bug: https://bugs.gentoo.org/831057
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-util/radare2/Manifest | 3 -
 dev-util/radare2/radare2-5.5.4.ebuild | 106 ----------------------------------
 2 files changed, 109 deletions(-)

Thanks, all done!

(In reply to filip ambroz from comment #11)
> [CVE-2022-1444]
> heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0.
> This vulnerability is capable of inducing denial of service.
> URLs:
> https://huntr.dev/bounties/b438a940-f8a4-4872-b030-59bdd1ab72aa/
> https://github.com/radareorg/radare2/commit/14189710859c27981adb4c2c2aed2863c1859ec5
>
> [CVE-2022-1451]
> Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub
> repository radareorg/radare2 prior to 5.7.0. The bug causes the program
> to read data past the end of the intended buffer.
> URLs:
> https://huntr.dev/bounties/229a2e0d-9e5c-402f-9a24-57fa2eb1aaa7
> https://github.com/radareorg/radare2/commit/0927ed3ae99444e7b47b84e43118deb10fe37529
>
> [CVE-2022-1452]
> Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in
> GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the
> program to read data past the end of the intended buffer.
> URLs:
> https://huntr.dev/bounties/c8f4c2de-7d96-4ad4-857a-c099effca2d6
> https://github.com/radareorg/radare2/commit/ecc44b6a2f18ee70ac133365de0e509d26d5e168

I'm sorry, I missed this comment, these didn't make it into the release. I'll pop them into another bug.