CVE-2017-7854

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-7854
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7854.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-7854
Published
2017-04-13T16:59:01.317Z
Modified
2025-11-14T05:18:55.628829Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.

References

Affected packages

Git / github.com/radare/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radare/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Git / github.com/radareorg/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radareorg/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9

1.*

1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git

Other

radare2-windows-nightly
termux

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 993.0,
            "function_hash": "230655148253589288958061650018985630215"
        },
        "target": {
            "file": "libr/bin/format/wasm/wasm.c",
            "function": "r_bin_wasm_get_element_entries"
        },
        "source": "https://github.com/radareorg/radare2/commit/d2632f6483a3ceb5d8e0a5fb11142c51c43978b4",
        "id": "CVE-2017-7854-323877fa",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "libr/bin/format/wasm/wasm.c"
        },
        "source": "https://github.com/radareorg/radare2/commit/d2632f6483a3ceb5d8e0a5fb11142c51c43978b4",
        "id": "CVE-2017-7854-394f7b7c",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "digest": {
            "length": 977.0,
            "function_hash": "317733898788903217491246749717907220566"
        },
        "target": {
            "file": "libr/bin/format/wasm/wasm.c",
            "function": "r_bin_wasm_get_global_entries"
        },
        "source": "https://github.com/radareorg/radare2/commit/d2632f6483a3ceb5d8e0a5fb11142c51c43978b4",
        "id": "CVE-2017-7854-9b2171a5",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "digest": {
            "length": 906.0,
            "function_hash": "100548069398976928867257847570735586705"
        },
        "target": {
            "file": "libr/bin/format/wasm/wasm.c",
            "function": "r_bin_wasm_get_data_entries"
        },
        "source": "https://github.com/radareorg/radare2/commit/d2632f6483a3ceb5d8e0a5fb11142c51c43978b4",
        "id": "CVE-2017-7854-afbcfe29",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "digest": {
            "length": 292.0,
            "function_hash": "174184899885304418912855136059178748671"
        },
        "target": {
            "file": "libr/bin/format/wasm/wasm.c",
            "function": "consume_init_expr"
        },
        "source": "https://github.com/radareorg/radare2/commit/d2632f6483a3ceb5d8e0a5fb11142c51c43978b4",
        "id": "CVE-2017-7854-c588e1ae",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    }
]