CVE-2017-16805(https://nvd.nist.gov/vuln/detail/CVE-2017-16805): In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c. Upstream Fix: https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d @maintainer(s), please confirm if vulnerability exists prior to commit e8aa0865, thank you. Gentoo Security Padawan (jmbailey/mbailey_j)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2869d5ce2b00c252852cece926192b8a6fe879d5 commit 2869d5ce2b00c252852cece926192b8a6fe879d5 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2017-11-27 22:55:35 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2017-11-27 22:55:46 +0000 dev-util/radare2: drop old Reported-by: Daj' Uan (Jmbailey) Reported-by: Aleksandr Wagner (Kivak) Bug: https://bugs.gentoo.org/636184 Bug: https://bugs.gentoo.org/637454 Package-Manager: Portage-2.3.16, Repoman-2.3.6 dev-util/radare2/Manifest | 1 - .../radare2/files/radare2-2.0.1-635618-p1.patch | 29 ----------- .../radare2/files/radare2-2.0.1-635618-p2.patch | 30 ----------- dev-util/radare2/radare2-2.0.1-r1.ebuild | 58 ---------------------- 4 files changed, 118 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f317b21403367e54ad982d541cd85aa62a633753 commit f317b21403367e54ad982d541cd85aa62a633753 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2017-11-27 22:54:35 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2017-11-27 22:55:46 +0000 dev-util/radare2: bump up to 2.1.0 Reported-by: Daj' Uan (Jmbailey) Reported-by: Aleksandr Wagner (Kivak) Bug: https://bugs.gentoo.org/636184 Bug: https://bugs.gentoo.org/637454 Package-Manager: Portage-2.3.16, Repoman-2.3.6 dev-util/radare2/Manifest | 3 +- dev-util/radare2/radare2-2.1.0.ebuild | 56 +++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 1 deletion(-)}
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66b305975cdb7550b4111882dcae37d24ad297ca commit 66b305975cdb7550b4111882dcae37d24ad297ca Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-04-10 06:37:11 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-04-10 06:37:48 +0000 dev-util/radare2: drop old Bug: https://bugs.gentoo.org/651578 Bug: https://bugs.gentoo.org/636184 Bug: https://bugs.gentoo.org/637454 Package-Manager: Portage-2.3.28, Repoman-2.3.9 dev-util/radare2/Manifest | 4 -- dev-util/radare2/radare2-2.1.0-r1.ebuild | 63 -------------------------------- dev-util/radare2/radare2-2.1.0-r2.ebuild | 56 ---------------------------- dev-util/radare2/radare2-2.1.0.ebuild | 59 ------------------------------ dev-util/radare2/radare2-2.2.0.ebuild | 56 ---------------------------- dev-util/radare2/radare2-2.3.0.ebuild | 56 ---------------------------- dev-util/radare2/radare2-2.4.0.ebuild | 56 ---------------------------- 7 files changed, 350 deletions(-)}