Segmentation Fault in Radare2 Command Handling
CVE-2020-27795

7.5HIGH

Key Information:

Vendor

Radare

Status
Radare2
Vendor
CVE Published:
19 August 2022

What is CVE-2020-27795?

A segmentation fault occurred in Radare2 when the 'adf' command is executed with invalid or no arguments. This leads to a null pointer dereference in the function ensure_fcn_range, resulting from the failure to retrieve function data correctly. If the command does not supply valid input, it can crash the application, affecting stability and potentially leading to a denial of service. Users are encouraged to update to the latest version to mitigate this issue.

Affected Version(s)

radare2 Fixed in v4.4.0.

References

https://github.com/radareorg/radare2/issues/16215
x_refsource_MISC
https://github.com/radareorg/radare2/pull/16230
x_refsource_MISC
https://github.com/radareorg/radare2/commit/4d3811681a80f...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.