CVE-2017-15385

EUVD-2017-6838
The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or possibly have unspecified other impact via a crafted ELF file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
radareradare2
2.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
radare2
jessie
not-affected
sid
5.9.4+dfsg-1
fixed
trixie
5.9.4+dfsg-1
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
radare2
artful
ignored
bionic
not-affected
cosmic
not-affected
trusty
dne
xenial
not-affected
zesty
ignored
Common Weakness Enumeration
References
https://github.com/radare/radare2/commit/21a6f570ba33fa9f52f1bba87f07acc4e8c178f4
https://github.com/radare/radare2/issues/8685
https://github.com/radare/radare2/commit/21a6f570ba33fa9f52f1bba87f07acc4e8c178f4
https://github.com/radare/radare2/issues/8685