SB2020020454 - Fedora EPEL 7 update for radare2
Published: February 4, 2020 Updated: April 25, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) OS Command Injection (CVE-ID: CVE-2019-16718)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables.
2) Input validation error (CVE-ID: CVE-2019-19647)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the r_asm_pseudo_incbin(0 function at libr/asm/asm.c. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
3) Integer overflow (CVE-ID: CVE-2019-19590)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to integer overflow for the variable "new_token_size" in the "r_asm_massemble" function in "libr/asm/asm.c". A remote attacker can trigger integer overflow, which will result in a Use-After-Free for the buffer tokens and cause a denial of service (DoS) condition or possibly execute arbitrary code via crafted input.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.