Vulnerability Details : CVE-2017-16357
In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.
Vulnerability category: OverflowMemory Corruption
Products affected by CVE-2017-16357
- cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-16357
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 37 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-16357
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-16357
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-16357
-
https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a
Fixed crash in elf.c with 32bit r2 when shdr->sh_size > max size_t · radare/radare2@0b973e2 · GitHubIssue Tracking;Patch;Third Party Advisory
-
https://github.com/radare/radare2/issues/8742
Memory corruption on 32bit system · Issue #8742 · radare/radare2 · GitHubExploit;Issue Tracking;Patch;Third Party Advisory
Jump to