MGASA-2020-0100

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0100.html

Import Source

https://advisories.mageia.org/MGASA-2020-0100.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0100

Related

Published

2020-02-24T21:44:46Z

Modified

2020-02-24T21:23:02Z

Summary

Updated radare2 packages fix security vulnerabilities

Details

Updated radare2 packages fix security vulnerabilities:

A vulnerability was found in radare2 through 4.0, there is an integer overflow for the variable newtokensize in the function rasmmassemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input (CVE-2019-19590).

radare2 through 4.0.0 lacks validation of the content variable in the function rasmpseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input (CVE-2019-19647).

The radare2 package has been updated to version 4.2.1, fixing these issues and other bugs.

Also, the radare2-cutter package has been updated to version 1.10.1.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2020-0100

Affected packages