903151 – (CVE-2023-1605, CVE-2023-27114) <dev-util/radare2-5.8.6: multiple DoS vulnerabilities

Bug 903151 (CVE-2023-1605, CVE-2023-27114) - <dev-util/radare2-5.8.6: multiple DoS vulnerabilities

Summary: <dev-util/radare2-5.8.6: multiple DoS vulnerabilities

Status:	IN_PROGRESS

Alias:	CVE-2023-1605, CVE-2023-27114

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://huntr.dev/bounties/9dddcf5b-7...
Whiteboard:	~3 [noglsa cleanup]
Keywords:

Depends on:
Blocks:

Reported:	2023-03-27 02:49 UTC by John Helmert III
Modified:	2023-05-30 03:24 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2023-03-27 02:49:01 UTC

CVE-2023-1605:

Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6.

Patch: https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f

Commit not actually in 5.8.6.

Comment 1 John Helmert III archtester

2023-04-29 20:40:49 UTC

CVE-2023-27114 (https://github.com/radareorg/radare2/issues/21363):

radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.

Fix is in 5.8.4: https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509

Comment 2 John Helmert III archtester

2023-05-30 03:24:37 UTC

(In reply to John Helmert III from comment #0)
> CVE-2023-1605:
> 
> Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6.
> 
> Patch:
> https://github.com/radareorg/radare2/commit/
> 508a6307045441defd1bef0999a1f7052097613f
> 
> Commit not actually in 5.8.6.

... now it is! And 5.8.6 is in the tree.