CVE-2017-9763
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-9763
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9763.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-9763
- Downstream
- Related
- Published
- 2017-06-19T16:29:00Z
- Modified
- 2025-10-18T08:50:55.226119Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The grubext2read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array.
- References
Affected packages
Git / github.com/radare/radare2
Git / github.com/radare/radare2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/radareorg/radare2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9
1.*
1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git
1.4.0
1.5.0
Other
radare2-windows-nightly
termux
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"id": "CVE-2017-9763-05363d69",
"source": "https://github.com/radareorg/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd",
"signature_version": "v1",
"target": {
"function": "read_foo",
"file": "shlr/grub/grubfs.c"
},
"digest": {
"function_hash": "50093018079397421244896597625361418417",
"length": 376.0
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2017-9763-30cef2de",
"source": "https://github.com/radareorg/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd",
"signature_version": "v1",
"target": {
"file": "shlr/grub/fs/fshelp.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"186192924943756464181763555468864139430",
"55641443319602446229850769205920497332",
"280491680466794651509080843090589583145",
"335547032378663905044374140292899536908",
"84605424548030769826230501012879486515",
"204585601128743335604923370748394952071",
"274001338190221945543577377624447255821",
"29470823629993633763088166675509386907",
"77048903976461696628390808984920145068",
"108279792785668547282723233056326062797",
"30707623108428319697238147008768066209",
"17294681400476419472155064633915823995",
"318398608218744789927169278738284017550",
"54326198250660399117976150061382806738",
"284251345188455141154688292533486783701",
"239362451981981155886269902084539202684",
"99762480894482447437095134022924549038",
"11140299178830045788490440439895233252",
"127590469295486441905155672015917411150",
"47151762129937537056676130369946488748",
"279930666189319864152286659370523607874",
"98802950983847466185216709189637026064",
"253442857673114620266962356932518903308",
"104761907997859093466052376272933399319",
"122081251909522552226823932706268461821",
"108379032108172281178661483660725672545",
"195475526482436579877302625602072293734",
"47831699401726851470097140579044625237",
"22003009227386499766424784532167857822",
"118774765678929157706531352747980182379",
"298310316936785777164833107946358443393",
"47831699401726851470097140579044625237",
"19381685869748245634235453626177342162",
"264965909313579462550135299059727676152",
"271760460014754386516827933196152451829",
"28882823041337907541559222846338183804",
"121655865484876201030595111565188401603",
"267890882276940072979658247343151679827",
"301477685496130702639793581335712058051",
"276271754923964046551853808176987449618",
"240629441103717783030061037482148785443"
]
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2017-9763-3ab35a14",
"source": "https://github.com/radareorg/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd",
"signature_version": "v1",
"target": {
"function": "grub_ext2_read_block",
"file": "shlr/grub/fs/ext2.c"
},
"digest": {
"function_hash": "5358739801597375888075515559845817795",
"length": 2187.0
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2017-9763-77232ba6",
"source": "https://github.com/radareorg/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd",
"signature_version": "v1",
"target": {
"function": "grubfs_free",
"file": "shlr/grub/grubfs.c"
},
"digest": {
"function_hash": "129736570694893583605147092088718139507",
"length": 198.0
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2017-9763-87e330d2",
"source": "https://github.com/radareorg/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd",
"signature_version": "v1",
"target": {
"function": "grub_ext4_find_leaf",
"file": "shlr/grub/fs/ext2.c"
},
"digest": {
"function_hash": "46771588241065082909032980171406297743",
"length": 668.0
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2017-9763-b8aded61",
"source": "https://github.com/radareorg/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd",
"signature_version": "v1",
"target": {
"file": "shlr/grub/grubfs.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"301058715867216620952357061448243191514",
"95149947176210170162992520935503454731",
"132574218014218162798985651534673233816",
"69581920306702710679602574438468967729",
"158838712395356516446770924811570755577",
"252436078407093388975137781070473915337",
"103249973437406645692632666767422217783",
"335238160071602887485396467765459579975",
"45219350962703362658246956591640021443",
"197391091661932353348121682841742408171",
"264216382799603318970090638930130780002",
"266798217376443730594157728320867802561",
"288272531172043511039197895838433884727",
"4737624621383553246422969282198505386",
"204150256656752719418810262271837195326",
"323865594284602165293588027599854069323",
"38401682018253032932776900050501333642",
"291940168772362371677276577506363654715",
"324765301828350707043440277804321143201",
"177854177138054263145304018668756461331"
]
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2017-9763-c21d99df",
"source": "https://github.com/radareorg/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd",
"signature_version": "v1",
"target": {
"function": "find_file",
"file": "shlr/grub/fs/fshelp.c"
},
"digest": {
"function_hash": "332445747652689894180029897440306037795",
"length": 1719.0
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2017-9763-df891239",
"source": "https://github.com/radareorg/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd",
"signature_version": "v1",
"target": {
"file": "shlr/grub/fs/ext2.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"339525229199748344290306345503478282620",
"222200389505852733429193073323250185356",
"241504787028611616403329624348211765919",
"300868003450100860965984208983154631816",
"133924978023570486647487948296431157060",
"116526699751831409135158280023540613869",
"98656652165235080782174240723440839108",
"250070622313891370584916767660052046160",
"320312120450066058439396168058639583273",
"289541844095405112220300656285201283925",
"260298490242029182887304412681667944029",
"37557710624163169337518233377207711241",
"180653810247347581706092354112883108636",
"204126317663260488601069231273482163197",
"75386587373905772987496838439160876932",
"61686710178683975765411909850400562778",
"48221508099920276607001464292899339440",
"240529355594163499949914149342415906588",
"277805534490562885367708533888553808947",
"172548295353743586125322308962435348870",
"304429506354674013109940295315050924325",
"250845774893524231477134835523263252724",
"94551862412227510193880087356730407773",
"149477982235669364471824842658424639243",
"109083218170280104576082492087249981827",
"136557719443355028256319333696975871943",
"271508103359918646144132622510414164520",
"329826293897495945217844226993021540649",
"244642770564537728406410155355067334838",
"39370405049754942690940293290980257575",
"84218656446447908750975530722631681420",
"253002013232070758586008306802944247872",
"322223387899653965601138368812335333193",
"57604709919998006505632448644109607117",
"102557247731171514275284393477393818176",
"330655791419397568051619500332449745290",
"116259935465662466563075465913121780609",
"50177346325997542293718714144850977424",
"110343528105602764548968639607288225555",
"191467395003722974702880442325933277694",
"144242204795801978964019603399297405006",
"328063764706946413710982618754664150797",
"338653582432801382940331992819578743908",
"280721982483138478719227712595574790498",
"266775025380469224405754609724409309334",
"262772942434220355650585730651901261658",
"330655791419397568051619500332449745290",
"116259935465662466563075465913121780609",
"50177346325997542293718714144850977424",
"63613608119732956511887306772346846910",
"86487691068456914593190850403400069125",
"112867775805365609308557368406444010804",
"250117557131860238322385124442065600496",
"213147082822050059025578530083050642289",
"292408406052302025128060191803498650382",
"263838061741008275256673970016128725541",
"188148200181771781323289339721508477982",
"159446248825788274992468365536101017880",
"231056573439990664475065955470963898591",
"217533202220890909073126440175194769576",
"289002263518547638810109023663292739815",
"154077834138900797051979678854888060103"
]
},
"deprecated": false
},
{
"signature_type": "Function",
"id": "CVE-2017-9763-e1e9b44d",
"source": "https://github.com/radareorg/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd",
"signature_version": "v1",
"target": {
"function": "cmd_mount",
"file": "libr/core/cmd_mount.c"
},
"digest": {
"function_hash": "92403959334808391447369127527452268512",
"length": 5053.0
},
"deprecated": false
},
{
"signature_type": "Line",
"id": "CVE-2017-9763-f4ea7da1",
"source": "https://github.com/radareorg/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd",
"signature_version": "v1",
"target": {
"file": "libr/core/cmd_mount.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"17066276163921448757478639219495715351",
"154923386017967576517042052477700171379",
"125375790013521855693078949107827100802",
"203821503403614395967185205454342553505",
"120856451280034629035729055038681603043",
"295482430608757597300479880042768388257",
"108516260192474873094970822548966153283",
"329822881746955285835430064333303546047",
"67556828127070464624648406910241327830",
"197973765968362250097320823795265037913",
"74282516914068957685065426267196447948",
"116235760885631058641636323301341626793",
"19812639229312197322467841948373886001",
"123666584445769013547712792293249392704",
"38695699109056972736632725240214444018"
]
},
"deprecated": false
}
]