CVE-2017-15368
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-15368
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-15368.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-15368
- Published
- 2017-10-16T01:29:01.030Z
- Modified
- 2025-11-21T08:38:55.581959Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The wasmdis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect rhex_bin2str call.
- References
Affected packages
Git / github.com/radare/radare2
Git / github.com/radareorg/radare2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/radareorg/radare2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9
1.*
1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git
1.4.0
1.5.0
1.6.0
2.*
2.0.0
Other
radare2-windows-nightly
termux
Database specific
vanir_signatures
[
{
"source": "https://github.com/radareorg/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515",
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2017-15368-0bd237f3",
"target": {
"function": "wasm_dis",
"file": "libr/asm/arch/wasm/wasm.c"
},
"digest": {
"length": 8944.0,
"function_hash": "220973872098731940812092874540402311170"
},
"deprecated": false
},
{
"source": "https://github.com/radareorg/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515",
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2017-15368-7eab9e68",
"target": {
"file": "libr/asm/arch/wasm/wasm.c"
},
"digest": {
"line_hashes": [
"264992558448024667854249177351062730901",
"333437584711275879921249801947901073891",
"190826572119966711749169165895605270774",
"114233611036187745318326970545029509349",
"42073040184298198897620049621078341959",
"181092958784557052559707139485284959272",
"329092736694650349859053289205199862615",
"213117915042792317916694154683355287783",
"329777032915206919193173388803592916135",
"74924640570297500604480964461276825573",
"22655722049319263921495072085600989198",
"31116586002094253221260480378756839046",
"302904642283406408172131007475488142198",
"43587005996764303487955361185369441174",
"126241374497284361037396170545756530154",
"9267414059130277964538738099062741723",
"254846897502635673712391654099710030653",
"330523957279119370271402730400897249420",
"289757265379566316237616801862019256728",
"173859399597882282154978915592156315904",
"251573502438275019381361271843147405376",
"118540288796176528195953084196175092561",
"108711163085664935651869682536057843086",
"212511558419246659020814486924840867793",
"243927298559685498776389528001194428610",
"307659664363274250767379498754760745886",
"73823874787572897330743414190526071010",
"241684039061993393448047512187792782052",
"201763234123213232226574511313452922510",
"255885969774870139124257216155955713231"
],
"threshold": 0.9
},
"deprecated": false
}
]