Out-of-Bounds Read in Radare2's NDS32 Disassembler Function
CVE-2023-46569

9.8CRITICAL

Key Information:

Vendor: Radare
Status: Radare2
Vendor: CVE Published:; 28 October 2023

What is CVE-2023-46569?

An out-of-bounds read vulnerability affects the Radare2 disassembler, specifically within the print_insn32_fpu function in the NDS32 architecture implementation. This issue is present in version 5.8.9 and earlier, potentially allowing attackers to access sensitive information or cause unintended behavior within the application.

References

https://github.com/radareorg/radare2/issues/22334

https://gist.github.com/gandalf4a/afeaf8cc958f95876f0ee24...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2023
Vulnerability Reserved
Oct 23, 2023

CVE-2023-46569 Data

JSON