Description

A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DOS) attacks.

Related CPE's

a

radare

radare2-extras

Vulnerable

References

https://cwe.mitre.org/data/definitions/122.html

Technical Description

https://github.com/radareorg/radare2-extras/pull/255

PatchThird Party Advisory

https://github.com/radareorg/radare2-extras/pull/255/commits/4a8b24475549ff10bdf6d07fd4b5f6c1cc6246ea

PatchThird Party Advisory

https://github.com/radareorg/radare2-extras/pull/255/commits/9f6a221433964d9b14f3ed78bc9fb059395b893b

PatchThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-787

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-07-14T22:15:10.490

3 years ago

Last modified

2022-10-26T13:48:08.803

2 years ago