Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 38: RADAR2 5.8.8 Moderate Heap Overflow Advisory

fedora
Calendar Grey November 14, 2023
Dist Fedora Esm H88
Fedora 38 has released a vital update for radare2 addressing vulnerabilities CVE-2023-4322 and CVE-2023-5686, which involve heap overflow risks, improving security and stability for users
- cherrypick from upstream master patches for known vulnerabilities: - CVE-2023-4322 - heap-buffer-overflow in the brainfuck dissassembler - CVE-2023-5686 - heap-buffer-overflow in...

Summary

The radare2 is a reverse-engineering framework that is multi-architecture,

multi-platform, and highly scriptable. Radare2 provides a hexadecimal

editor, wrapped I/O, file system support, debugger support, diffing

between two functions or binaries, and code analysis at opcode,

basic block, and function levels.

Update Information:

- cherrypick from upstream master patches for known vulnerabilities: - CVE-2023-4322 - heap-buffer-overflow in the brainfuck dissassembler - CVE-2023-5686 - heap-buffer-overflow in /radare2/shlr/java/code.c

Topics%20covered

Topics Covered

security advisory fedora update information patch heap overflow risk radare2

Change Log

* Thu Oct 26 2023 Michal Ambroz 5.8.8-2 - cherrypick from upstream master patches for known vulnerabilities: - CVE-2023-4322 - heap-buffer-overflow in the brainfuck dissassembler - CVE-2023-5686 - heap-buffer-overflow in /radare2/shlr/java/code.c * Fri Jul 21 2023 Fedora Release Engineering - 5.8.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

References


[ 1 ] Bug #2233321 - CVE-2023-4322 radare2: Heap-based Buffer Overflow in the bf dissassembler [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2233321 [ 2 ] Bug #2233322 - CVE-2023-4322 radare2: Heap-based Buffer Overflow in the bf dissassembler [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2233322 [ 3 ] Bug #2245329 - CVE-2023-5686 radare2: heap-buffer-overflow in /radare2/shlr/java/code.c:211:21 in java_print_opcode [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2245329 [ 4 ] Bug #2245330 - CVE-2023-5686 radare2: heap-buffer-overflow in /radare2/shlr/java/code.c:211:21 in java_print_opcode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2245330

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-ffaebb1e10' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: radare2
Product: Fedora 38
Version: 5.8.8
Release: 2.fc38
URL: https://radare.org/
Summary: The reverse engineering framework

Topics%20covered

Topics Covered

security advisory fedora update information patch heap overflow risk radare2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here