Bug 636184 (CVE-2017-16357, CVE-2017-16358, CVE-2017-16359) - <dev-util/radare2-2.1.0: Multiple vulnerabilities that result in denial of service
Summary: <dev-util/radare2-2.1.0: Multiple vulnerabilities that result in denial of se...
Status: RESOLVED FIXED
Alias: CVE-2017-16357, CVE-2017-16358, CVE-2017-16359
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Low trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~3 [noglsa cve]
Keywords:
Depends on: CVE-2017-16805
Blocks:
Reported: 2017-11-01 18:49 UTC by Aleksandr Wagner (Kivak)
Modified: 2018-06-13 20:27 UTC

See Also:
Package list:
Runtime testing required: ---


Description Aleksandr Wagner (Kivak) 2017-11-01 18:49:27 UTC
CVE-2017-16359 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16359):

In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c. 

References:

https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e
https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882
https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d
https://github.com/radare/radare2/issues/8764

CVE-2017-16358 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16358):

In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search. 

References:

https://github.com/radare/radare2/commit/d31c4d3cbdbe01ea3ded16a584de94149ecd31d9
https://github.com/radare/radare2/issues/8748

CVE-2017-16357 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16357):

In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory. 

References:

https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a
https://github.com/radare/radare2/issues/8742
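
The wraparound and sh_size problems described above, illustrated as an added example that is not radare2's code and not part of the original report. It models the pointer as a 32-bit offset so the wrap is deterministic; the function names are hypothetical, and the 20-byte entry with `vd_next` at offset 16 follows the standard `Elf32_Verdef` layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VERDEF_SIZE 20u /* sizeof(Elf32_Verdef) per the ELF gABI */
#define VD_NEXT_OFF 16u /* offset of vd_next inside an entry */

/* Naive bound: off + next + VERDEF_SIZE is computed modulo 2^32, so a huge
 * vd_next wraps to a small sum and is accepted. */
static int naive_accepts(uint32_t off, uint32_t next, uint32_t size) {
    return off + next + VERDEF_SIZE <= size;
}

/* Hardened bound: compare next with the space left; nothing can wrap. */
static int safe_accepts(uint32_t off, uint32_t next, uint32_t size) {
    if (size < VERDEF_SIZE || off > size - VERDEF_SIZE) return 0;
    return next <= size - VERDEF_SIZE - off;
}

/* Walk the chain in a section of `size` bytes (sh_size) holding at most
 * `max_entries` entries (sh_info). Returns entries seen, or -1 if malformed. */
static int walk_verdef(const uint8_t *sec, uint32_t size, uint32_t max_entries) {
    uint32_t off = 0, next;
    if (size < VERDEF_SIZE) return -1;      /* rejects sh_size == 0 as well */
    for (uint32_t i = 1; i <= max_entries; i++) {
        memcpy(&next, sec + off + VD_NEXT_OFF, sizeof next); /* host-endian */
        if (next == 0) return (int)i;       /* end of chain */
        if (next < VERDEF_SIZE) return -1;  /* would overlap current entry */
        if (!safe_accepts(off, next, size)) return -1;
        off += next;
    }
    return -1;                              /* longer than sh_info declares */
}

int main(void) {
    uint8_t sec[40] = {0};                  /* constructed sample: 2 entries */
    uint32_t next = VERDEF_SIZE;
    memcpy(sec + VD_NEXT_OFF, &next, sizeof next);
    printf("well-formed: %d\n", walk_verdef(sec, sizeof sec, 8));
    next = 0xFFFFFFF0u;                     /* constructed hostile vd_next */
    memcpy(sec + VD_NEXT_OFF, &next, sizeof next);
    printf("naive=%d safe=%d walk=%d\n", naive_accepts(0, next, 40),
           safe_accepts(0, next, 40), walk_verdef(sec, sizeof sec, 8));
    return 0;
}
```
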
Comment 1 Larry the Git Cow gentoo-dev 2017-11-27 22:55:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2869d5ce2b00c252852cece926192b8a6fe879d5

commit 2869d5ce2b00c252852cece926192b8a6fe879d5
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2017-11-27 22:55:35 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2017-11-27 22:55:46 +0000

    dev-util/radare2: drop old
    
    Reported-by: Daj' Uan (Jmbailey)
    Reported-by: Aleksandr Wagner (Kivak)
    Bug: https://bugs.gentoo.org/636184
    Bug: https://bugs.gentoo.org/637454
    Package-Manager: Portage-2.3.16, Repoman-2.3.6

 dev-util/radare2/Manifest                          |  1 -
 .../radare2/files/radare2-2.0.1-635618-p1.patch    | 29 -----------
 .../radare2/files/radare2-2.0.1-635618-p2.patch    | 30 -----------
 dev-util/radare2/radare2-2.0.1-r1.ebuild           | 58 ----------------------
 4 files changed, 118 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f317b21403367e54ad982d541cd85aa62a633753

commit f317b21403367e54ad982d541cd85aa62a633753
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2017-11-27 22:54:35 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2017-11-27 22:55:46 +0000

    dev-util/radare2: bump up to 2.1.0
    
    Reported-by: Daj' Uan (Jmbailey)
    Reported-by: Aleksandr Wagner (Kivak)
    Bug: https://bugs.gentoo.org/636184
    Bug: https://bugs.gentoo.org/637454
    Package-Manager: Portage-2.3.16, Repoman-2.3.6

 dev-util/radare2/Manifest             |  3 +-
 dev-util/radare2/radare2-2.1.0.ebuild | 56 +++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 1 deletion(-)
Comment 2 Larry the Git Cow gentoo-dev 2018-04-10 06:37:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66b305975cdb7550b4111882dcae37d24ad297ca

commit 66b305975cdb7550b4111882dcae37d24ad297ca
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-10 06:37:11 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-10 06:37:48 +0000

    dev-util/radare2: drop old
    
    Bug: https://bugs.gentoo.org/651578
    Bug: https://bugs.gentoo.org/636184
    Bug: https://bugs.gentoo.org/637454
    Package-Manager: Portage-2.3.28, Repoman-2.3.9

 dev-util/radare2/Manifest                |  4 --
 dev-util/radare2/radare2-2.1.0-r1.ebuild | 63 --------------------------------
 dev-util/radare2/radare2-2.1.0-r2.ebuild | 56 ----------------------------
 dev-util/radare2/radare2-2.1.0.ebuild    | 59 ------------------------------
 dev-util/radare2/radare2-2.2.0.ebuild    | 56 ----------------------------
 dev-util/radare2/radare2-2.3.0.ebuild    | 56 ----------------------------
 dev-util/radare2/radare2-2.4.0.ebuild    | 56 ----------------------------
 7 files changed, 350 deletions(-)