Date: Wed, 25 May 2022 13:46:21 +0300
From: Dimitrios Glynos <dimitris@...sus-labs.com>
To: oss-security@...ts.openwall.com
Subject: multiple vulnerabilities in radare2

Hello all,

Angelos T. Kalaitzidis of CENSUS had identified three vulnerabilities in radare2:

- A null pointer dereference bug (CVE-2022-0419, fixed in version 5.6.0)
- A heap buffer overflow bug (CVE-2021-44975, fixed in version 5.6.0)
- A null pointer dereference bug (CVE-2021-44974, fixed in version 5.5.4)

They're all triggerable by having radare2 process a crafted binary.

There's more information about these issues here:
https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/

We're mostly sending this for CVE-to-patch coordination purposes for distros, as the issues have been addressed some time ago (back in February) by the upstream project.

Kind regards,

Dimitris

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)