
Fedora 37: FEDORA-2023-f2a6d27239 Critical: radare2 Heap Overflow

fedora
November 14, 2023
The latest radare2 update for Fedora 37 focuses on fixing heap overflow vulnerabilities through important security patches, enhancing overall system protection.

Summary

Radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and function levels.

Update Information:

- cherrypick from upstream master patches for known vulnerabilities:
  - CVE-2023-4322 - heap-buffer-overflow in the brainfuck disassembler
  - CVE-2023-5686 - heap-buffer-overflow in /radare2/shlr/java/code.c

Change Log

* Thu Oct 26 2023 Michal Ambroz 5.8.8-2
- cherrypick from upstream master patches for known vulnerabilities:
- CVE-2023-4322 - heap-buffer-overflow in the brainfuck disassembler
- CVE-2023-5686 - heap-buffer-overflow in /radare2/shlr/java/code.c

* Fri Jul 21 2023 Fedora Release Engineering - 5.8.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

References


[ 1 ] Bug #2233321 - CVE-2023-4322 radare2: Heap-based Buffer Overflow in the bf dissassembler [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2233321
[ 2 ] Bug #2233322 - CVE-2023-4322 radare2: Heap-based Buffer Overflow in the bf dissassembler [epel-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2233322
[ 3 ] Bug #2245329 - CVE-2023-5686 radare2: heap-buffer-overflow in /radare2/shlr/java/code.c:211:21 in java_print_opcode [epel-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2245329
[ 4 ] Bug #2245330 - CVE-2023-5686 radare2: heap-buffer-overflow in /radare2/shlr/java/code.c:211:21 in java_print_opcode [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2245330

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-f2a6d27239' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
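
To confirm afterwards that the installed build carries both fixes, the package changelog can be checked for the two CVE IDs this advisory lists. The script below is an added example, not part of the Fedora advisory; the function names are illustrative, and it assumes the packager records CVE IDs in the RPM changelog, as the Change Log above does.

```shell
#!/bin/sh
# Added example (not from the advisory): verify that the fixes named in
# FEDORA-2023-f2a6d27239 are recorded in a package changelog.

# CVE IDs taken from the advisory text.
ADVISORY_CVES="CVE-2023-4322 CVE-2023-5686"

# Read changelog text on stdin and print, one per line, every advisory
# CVE that the changelog does NOT mention. Empty output means all present.
missing_cves() {
    changelog=$(cat)
    for cve in $ADVISORY_CVES; do
        case $changelog in
            *"$cve"*) ;;                      # fix is recorded
            *) printf '%s\n' "$cve" ;;        # fix is not recorded
        esac
    done
}

# Check an installed package (default: radare2) on the Fedora host.
# Returns 0 if patched or not installed, 1 if fixes are missing,
# 2 if rpm is unavailable.
check_installed() {
    pkg=${1:-radare2}
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not found; run this on the Fedora host" >&2
        return 2
    fi
    if ! rpm -q "$pkg" >/dev/null 2>&1; then
        echo "$pkg is not installed; nothing to patch"
        return 0
    fi
    missing=$(rpm -q --changelog "$pkg" | missing_cves)
    if [ -n "$missing" ]; then
        echo "$(rpm -q "$pkg") has no changelog entry for: $(printf '%s' "$missing" | tr '\n' ' ')"
        return 1
    fi
    echo "$(rpm -q "$pkg") changelog lists all advisory CVEs"
}

# Usage on the host, after running the dnf upgrade:
#   check_installed radare2
```

A non-zero return from check_installed means the advisory has not been applied to that host yet.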

Severity
critical

Name: radare2
Product: Fedora 37
Version: 5.8.8
Release: 2.fc37
Summary: The reverse engineering framework
