Bug 1121084 (CVE-2018-20461)

Summary:	VUL-1: CVE-2018-20461: radare2: A DOS is possible by crafting a binary file in cmd_anal.c
Product:	[openSUSE] openSUSE Distribution	Reporter:	Alexandros Toptsoglou <atoptsoglou>
Component:	Security	Assignee:	Daniel Molkentin <daniel>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Minor
Priority:	P5 - None
Version:	Leap 15.0
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/221737/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Alexandros Toptsoglou 2019-01-08 14:06:07 UTC

In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows
attackers to cause a denial-of-service (application crash caused by
out-of-bounds read) by crafting a binary file.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1663998
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20461
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20461.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20461
http://www.cvedetails.com/cve/CVE-2018-20461/
https://github.com/radare/radare2/commit/a1bc65c3db593530775823d6d7506a457ed95267
https://github.com/radare/radare2/issues/12375

Comment 1 Alexandros Toptsoglou 2019-01-08 14:06:43 UTC

This has been already fixed since version 3.1.1 is available.