| Summary: | <dev-util/radare2-5.8.6: multiple DoS vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | davidroman96, proxy-maint |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2 | ||
| Whiteboard: | ~3 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
John Helmert III
2023-03-27 02:49:01 UTC
CVE-2023-27114 (https://github.com/radareorg/radare2/issues/21363): radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c. Fix is in 5.8.4: https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509 (In reply to John Helmert III from comment #0) > CVE-2023-1605: > > Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6. > > Patch: > https://github.com/radareorg/radare2/commit/ > 508a6307045441defd1bef0999a1f7052097613f > > Commit not actually in 5.8.6. ... now it is! And 5.8.6 is in the tree. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd0ec87d6d8984f7c89de21f735f487d331ab8ac commit dd0ec87d6d8984f7c89de21f735f487d331ab8ac Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2023-06-09 04:43:27 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-06-09 04:43:42 +0000 dev-util/radare2: drop 5.8.2 Bug: https://bugs.gentoo.org/903151 Signed-off-by: John Helmert III <ajak@gentoo.org> dev-util/radare2/Manifest | 5 -- dev-util/radare2/radare2-5.8.2.ebuild | 125 ---------------------------------- 2 files changed, 130 deletions(-) |