736800 – (CVE-2020-17487) <dev-util/radare2-4.5.1: Crash caused by malformed PE file (CVE-2020-17487)

Bug 736800 (CVE-2020-17487) - <dev-util/radare2-4.5.1: Crash caused by malformed PE file (CVE-2020-17487)

Summary: <dev-util/radare2-4.5.1: Crash caused by malformed PE file (CVE-2020-17487)

Status:	RESOLVED FIXED

Alias:	CVE-2020-17487

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	https://github.com/radareorg/radare2/...
Whiteboard:	~3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2020-08-11 21:40 UTC by Sam James
Modified:	2020-11-04 15:33 UTC (History)
CC List:	2 users (show)

See Also:	CVE-2020-16269
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2020-08-11 21:40:09 UTC

Description:
"radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY."

Comment 1 John Helmert III archtester

2020-10-07 15:07:58 UTC

Looks fixed by 4.5.1. Please cleanup.

Comment 2 John Helmert III archtester

2020-11-04 15:31:05 UTC

Tree is clean.

commit 962601992ebe74f65e47cee7097234967b7a0ce6
Author: Sergei Trofimovich <slyfox@gentoo.org>
Date:   Sun Oct 18 13:31:12 2020 +0100

    dev-util/radare2: drop old
    
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 delete mode 100644 dev-util/radare2/radare2-4.5.0.ebuild