CVE-2023-1605: Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6. Patch: https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f Commit not actually in 5.8.6.
CVE-2023-27114 (https://github.com/radareorg/radare2/issues/21363): radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c. Fix is in 5.8.4: https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509
(In reply to John Helmert III from comment #0) > CVE-2023-1605: > > Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6. > > Patch: > https://github.com/radareorg/radare2/commit/ > 508a6307045441defd1bef0999a1f7052097613f > > Commit not actually in 5.8.6. ... now it is! And 5.8.6 is in the tree.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd0ec87d6d8984f7c89de21f735f487d331ab8ac commit dd0ec87d6d8984f7c89de21f735f487d331ab8ac Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2023-06-09 04:43:27 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-06-09 04:43:42 +0000 dev-util/radare2: drop 5.8.2 Bug: https://bugs.gentoo.org/903151 Signed-off-by: John Helmert III <ajak@gentoo.org> dev-util/radare2/Manifest | 5 -- dev-util/radare2/radare2-5.8.2.ebuild | 125 ---------------------------------- 2 files changed, 130 deletions(-)
