radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Radare2 | Radare | * | 4.0.0 (including) |
| Radare2 | Ubuntu | bionic | * |
| Radare2 | Ubuntu | disco | * |
| Radare2 | Ubuntu | eoan | * |
| Radare2 | Ubuntu | esm-apps/bionic | * |
| Radare2 | Ubuntu | esm-apps/xenial | * |
| Radare2 | Ubuntu | lunar | * |
| Radare2 | Ubuntu | trusty | * |
| Radare2 | Ubuntu | upstream | * |
| Radare2 | Ubuntu | xenial | * |
Potential Mitigations
References
- https://github.com/radareorg/radare2/issues/15545
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRQXCOVFWZIIMAZIAAFAVQGZOS7LGHXP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQTOWEDFXDTGTD6D4NHRB4FUURQSTTEN/
- https://github.com/radareorg/radare2/issues/15545
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRQXCOVFWZIIMAZIAAFAVQGZOS7LGHXP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQTOWEDFXDTGTD6D4NHRB4FUURQSTTEN/