CVE-2019-12865 : In radare2 through 3.5.1, cmd_mount in libr/core/cmd

In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.

Published 2019-06-17 23:15:13

Updated 2019-07-30 03:15:11

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2019-12865

Radare » Radare2
Versions up to, including, (<=) 3.5.1
cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.26%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 47 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-415 Double Free

The product calls free() twice on the same memory address.

Assigned by: nvd@nist.gov (Primary)

https://github.com/radare/radare2/issues/14334

Double-Free in cmd_mount Causes Crash · Issue #14334 · radare/radare2 · GitHub
Exploit;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IEXZWAMVKGZKHALV4IVWQS2ORJKRH57U/

[SECURITY] Fedora 30 Update: cutter-re-1.8.3-1.fc30 - package-announce - Fedora Mailing-Lists

CVEs referencing this url

Jump to