Division by Zero Vulnerability in Radare2 Mach-O Parser
CVE-2021-32494

10CRITICAL

Key Information:

Vendor: Radare2
Status: Radare2
Vendor: CVE Published:; 7 July 2023

What is CVE-2021-32494?

Radare2 is susceptible to a division by zero vulnerability in its Mach-O parser's rebase_buffer function. This flaw can be exploited by attackers through crafted inputs, resulting in a denial of service situation. Proper inputs can lead to unexpected behavior in the processing of Mach-O binaries, highlighting the importance of validating inputs to prevent service disruptions.

Affected Version(s)

radare2 5.3.0-git 26142

References

https://github.com/radareorg/radare2/issues/18667

https://github.com/radareorg/radare2/commit/a07dedb804a82...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2023
Vulnerability Reserved
May 10, 2021

CVE-2021-32494 Data

JSON