CVE-2023-1605 : Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6.

Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6.

Published 2023-03-23 19:15:13

Updated 2023-03-27 16:50:08

Source huntr.dev

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2023-1605

Radare » Radare2
Versions before (<) 5.8.6
cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.47%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 62 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	huntr.dev
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: security@huntr.dev (Primary)

https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2

SIGSEGV at libr/bin/p/bin_coff.c:509 in patch_relocs() vulnerability found in radare2
Exploit;Third Party Advisory
https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f

fix segfault when bin->symbols is NULL #21503 · radareorg/radare2@508a630 · GitHub
Patch

Jump to