CVE-2017-16805

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-16805
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-16805.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-16805
Downstream
Published
2017-11-13T21:29:00.237Z
Modified
2025-12-02T23:18:45.133472Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.

References

Affected packages

Git / github.com/radare/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radare/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Git / github.com/radareorg/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radareorg/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9

1.*

1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git
1.4.0
1.5.0
1.6.0

2.*

2.0.0
2.0.1

Other

radare2-windows-nightly
termux

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "target": {
            "function": "r_bin_dwarf_parse_attr_value",
            "file": "libr/bin/dwarf.c"
        },
        "id": "CVE-2017-16805-833d5570",
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d",
        "signature_type": "Function",
        "digest": {
            "function_hash": "309905875404444310278761324738514951938",
            "length": 4452.0
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "function": "r_bin_dwarf_dump_debug_info",
            "file": "libr/bin/dwarf.c"
        },
        "id": "CVE-2017-16805-b54fa1c9",
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d",
        "signature_type": "Function",
        "digest": {
            "function_hash": "307873831487524630253809792820560621146",
            "length": 1652.0
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "libr/bin/dwarf.c"
        },
        "id": "CVE-2017-16805-c73c7d5e",
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        }
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "libr/include/r_bin_dwarf.h"
        },
        "id": "CVE-2017-16805-ced1af9e",
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "337993711084511490199249331436501381109",
                "90966592350706017073997720339166818668",
                "185319938568685557368582455554332867889",
                "247224920984977744414829133143377332673"
            ]
        }
    }
]