Out-of-Bounds Read in radare2 by radareorg
CVE-2023-46570

9.8CRITICAL

Key Information:

Vendor: Radare
Status: Radare2
Vendor: CVE Published:; 28 October 2023

What is CVE-2023-46570?

An out-of-bounds read vulnerability exists in the print_insn32 function within libr/arch/p/nds32/nds32-dis.h of radare2 versions 5.8.9 and earlier. This security issue could allow attackers to read sensitive data or cause unforeseen behavior in applications using the affected software. The flaw arises due to improper handling of certain inputs, underscoring the importance of regular updates and patches to maintain robust security.

References

https://github.com/radareorg/radare2/issues/22333

https://gist.github.com/gandalf4a/d7fa58f1b3418ef08ad244a...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2023
Vulnerability Reserved
Oct 23, 2023

CVE-2023-46570 Data

JSON

Radare

What is CVE-2023-46570?

References

CVSS V3.1

Timeline