Vulnerability Details : CVE-2023-47016
Potential exploit
radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.
Products affected by CVE-2023-47016
- cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-47016
0.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 53 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-47016
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-10-11 |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2023-47016
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2023-47016
-
https://github.com/radareorg/radare2/commit/40c9f50e127be80b9d816bce2ab2ee790831aefd
Fix #22349 - oobread in xnu kernelcache ##crash · radareorg/radare2@40c9f50 · GitHubPatch
-
https://gist.github.com/gandalf4a/65705be4f84269cb7cd725a1d4ab2ffa
CVE-2023-47016.txt · GitHubExploit;Third Party Advisory
-
https://github.com/radareorg/radare2/issues/22349
heap-buffer-overflow at /radare2/libr/include/r_endian.h:194:17 in r_read_le32 · Issue #22349 · radareorg/radare2 · GitHubExploit;Patch
Jump to