735806 – (CVE-2020-16269) <dev-util/radare2-4.5.1: Denial of service vulnerability (CVE-2020-16269)

Bug 735806 (CVE-2020-16269) - <dev-util/radare2-4.5.1: Denial of service vulnerability (CVE-2020-16269)

Summary: <dev-util/radare2-4.5.1: Denial of service vulnerability (CVE-2020-16269)

Status:	RESOLVED FIXED

Alias:	CVE-2020-16269

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	https://github.com/radareorg/radare2/...
Whiteboard:	~3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2020-08-03 19:11 UTC by John Helmert III
Modified:	2021-02-27 19:55 UTC (History)
CC List:	2 users (show)

See Also:	CVE-2020-17487
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2020-08-03 19:11:38 UTC

CVE-2020-16269:

radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section.



Looks like a fix is set for the 4.6.0 milestone. No patch yet.

Comment 1 John Helmert III archtester

2020-11-04 15:29:27 UTC

Patch: https://github.com/radareorg/radare2/commit/36817b1ab595a2c46841593f95aae59f8060cf31

Comment 2 John Helmert III archtester

2021-02-27 19:55:08 UTC

Patch was included in 4.5.1, and tree is clean. All done!