[Secure-testing-team] Bug#867369: radare2: CVE-2017-10929
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 6 03:49:22 UTC 2017
Source: radare2
Version: 0.9.6-1
Severity: important
Tags: security upstream patch
Forwarded: https://github.com/radare/radare2/issues/7855
Hi,
the following vulnerability was published for radare2.
CVE-2017-10929[0]:
| The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0
| allows remote attackers to cause a denial of service (heap-based buffer
| overflow and application crash) or possibly have unspecified other
| impact via a crafted binary file, possibly related to a read overflow
| in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB
| 2.02.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-10929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10929
[1] https://github.com/radare/radare2/issues/7855
[2] https://github.com/radare/radare2/commit/c57997e76ec70862174a1b3b3aeb62a6f8570e85
Regards,
Salvatore
More information about the Secure-testing-team
mailing list