Resource Exhaustion Vulnerability in Radare2 for MIPS Architecture
CVE-2021-4021

7.5HIGH

Key Information:

Vendor: Radare
Status: Radare2
Vendor: CVE Published:; 24 February 2022

What is CVE-2021-4021?

A resource exhaustion vulnerability exists in Radare2, which is exploited by mapping a large section of an ELF64 binary filled with zeros for MIPS architecture. This process can lead to uncontrolled resource consumption and ultimately result in denial of service (DoS). It is crucial for users running affected versions to apply updates or patches to mitigate this issue.

Affected Version(s)

radare2 radare2 5.6.2, radare2 5.6.0, radare2 5.5.4 and radare2 5.5.2

References

https://github.com/radareorg/radare2/issues/19436

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2022
Vulnerability Reserved
Nov 25, 2021

CVE-2021-4021 Data

JSON