CVE-2017-15931 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15931):

In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.

References:
https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd
https://github.com/radare/radare2/issues/8731

CVE-2017-15932 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15932):

In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems.

References:
https://github.com/radare/radare2/commit/44ded3ff35b8264f54b5a900cab32ec489d9e5b9
https://github.com/radare/radare2/issues/8743

Note: Both of these bugs are only present in 32 bit systems.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b3c5759b316133acdf7fc698df524bb5472b4a7a

commit b3c5759b316133acdf7fc698df524bb5472b4a7a
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2017-10-28 21:06:25 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2017-10-28 21:06:36 +0000

    dev-util/radare2: fix 32-bit overflow in ELF parsing, bug #635618

    Bug: https://bugs.gentoo.org/635618
    Package-Manager: Portage-2.3.13, Repoman-2.3.4

 .../radare2/files/radare2-2.0.1-635618-p1.patch    | 29 +++++++++++
 .../radare2/files/radare2-2.0.1-635618-p2.patch    | 30 +++++++++++
 dev-util/radare2/radare2-2.0.1-r1.ebuild           | 58 ++++++++++++++++++++++
 3 files changed, 117 insertions(+)

Pushed both patches into 2.0.1-r1. Thanks!
Thank you for the patches. Please clean the vulnerable version from the tree.
Cleanup was done in commit e8aa0865cee60af4e1e91918b2f1cf688b96bdd1.