Mageia 8 MGASA-2022-0440 Moderate: Radare2/Rizin DoS Threat
mageia
November 27, 2022
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS
Summary
In radare2 through 5.3.0 there is a double free vulnerability in the pyc
parse via a crafted file which can lead to DoS. (CVE-2021-32613)
A vulnerability was found in Radare2 in version 5.3.1. Improper input
validation when reading a crafted LE binary can lead to resource
exhaustion and DoS. (CVE-2021-3673)
A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0,
5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64
binary for MIPS architecture can lead to uncontrolled resource consumption
and DoS. (CVE-2021-4021)
radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference
via libr/bin/p/bin_symbols.c binary symbol parser. (CVE-2021-44974)
radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via
/libr/core/anal_objc.c mach-o parser. (CVE-2021-44975)
radare2 is vulnerable to Out-of-bounds Read. (CVE-2022-0173)
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to
5.6.0. (CVE-2022-0419)
Denial of Service in GitHub rep...
References
- https://bugs.mageia.org/show_bug.cgi?id=29163
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/V2UL4V4XKSFJVNNUMFV443UJXGDBYGS4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JIARALLVVY2362AYFSFULTZKIW6QO5R5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IQIRJ72UALGMSWH6MYPVJQQLXFGZ23RS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND/
- https://www.openwall.com/lists/oss-security/2022/05/25/1
- https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
- https://www.cve.org/CVERecord?id=CVE-2021-3673
- https://www.cve.org/CVERecord?id=CVE-2021-4021
- https://www.cve.org/CVERecord?id=CVE-2021-32613
- https://www.cve.org/CVERecord?id=CVE-2021-44974
- https://www.cve.org/CVERecord?id=CVE-2021-44975
- https://www.cve.org/CVERecord?id=CVE-2022-0173
- https://www.cve.org/CVERecord?id=CVE-2022-0419
- https://www.cve.org/CVERecord?id=CVE-2022-0476
- https://www.cve.org/CVERecord?id=CVE-2022-0518
- https://www.cve.org/CVERecord?id=CVE-2022-0519
- https://www.cve.org/CVERecord?id=CVE-2022-0520
- https://www.cve.org/CVERecord?id=CVE-2022-0521
- https://www.cve.org/CVERecord?id=CVE-2022-0522
- https://www.cve.org/CVERecord?id=CVE-2022-0523
- https://www.cve.org/CVERecord?id=CVE-2022-0559
- https://www.cve.org/CVERecord?id=CVE-2022-0676
- https://www.cve.org/CVERecord?id=CVE-2022-0695
- https://www.cve.org/CVERecord?id=CVE-2022-0712
- https://www.cve.org/CVERecord?id=CVE-2022-0713
Topics Covered
Resolution
SRPMS
- 8/core/radare2-5.6.4-1.mga8
- 8/core/radare2-cutter-2.0.4-2.mga8
- 8/core/rizin-0.3.1-1.mga8
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 27 Nov 2022
URL: https://advisories.mageia.org/MGASA-2022-0440.html
Type: security
CVE: CVE-2021-3673,
CVE-2021-4021,
CVE-2021-32613,
CVE-2021-44974,
CVE-2021-44975,
CVE-2022-0173,
CVE-2022-0419,
CVE-2022-0476,
CVE-2022-0518,
CVE-2022-0519,
CVE-2022-0520,
CVE-2022-0521,
CVE-2022-0522,
CVE-2022-0523,
CVE-2022-0559,
CVE-2022-0676,
CVE-2022-0695,
CVE-2022-0712,
CVE-2022-0713
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!