Advisories » MGASA-2020-0100

Updated radare2 packages fix security vulnerabilities

Publication date: 24 Feb 2020
Modification date: 24 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-19590 , CVE-2019-19647

Description

Updated radare2 packages fix security vulnerabilities:

A vulnerability was found in radare2 through 4.0, there is an integer
overflow for the variable new_token_size in the function r_asm_massemble
at libr/asm/asm.c. This integer overflow will result in a Use-After-Free
for the buffer tokens, which can be filled with arbitrary malicious data
after the free. This allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via crafted input
(CVE-2019-19590).

radare2 through 4.0.0 lacks validation of the content variable in the
function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an
arbitrary write. This allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via crafted
input (CVE-2019-19647).

The radare2 package has been updated to version 4.2.1, fixing these issues
and other bugs.

Also, the radare2-cutter package has been updated to version 1.10.1.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26232
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DUW4XXPI6XCI2G4X22EP3TKU2APLQ5XD/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19590
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19647

SRPMS

7/core

• radare2-4.2.1-1.mga7
• radare2-cutter-1.10.1-1.mga7