Denial of Service Vulnerability in Radare2 by Radare
CVE-2019-12802

7.8HIGH

Key Information:

Vendor

Radare

Status
Radare2
Vendor
CVE Published:
13 June 2019

What is CVE-2019-12802?

In versions of Radare2 up to 3.5.1, the function rcc_context in libr/egg/egg_lang.c improperly manages context changes, allowing remote attackers to induce a denial of service by causing an application crash. This flaw may also lead to potential impacts including invalid memory accesses in the r_egg_lang_parsechar function and improper memory releases in rcc_pusharg, posing a risk to application stability.

References

https://github.com/radare/radare2/issues/14296
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.