CVE-2017-15368

EUVD-2017-6822
The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
radareradare2
2.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
radare2
jessie
not-affected
sid
5.9.4+dfsg-1
fixed
trixie
5.9.4+dfsg-1
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
radare2
trusty
dne
xenial
not-affected
zesty
not-affected
Common Weakness Enumeration
References
https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515
https://github.com/radare/radare2/issues/8673
https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515
https://github.com/radare/radare2/issues/8673