Vulnerability Details CVE-2017-6197
The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.1%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/96433
- https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989
- https://github.com/radare/radare2/issues/6816
- http://www.securityfocus.com/bid/96433
- https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989
- https://github.com/radare/radare2/issues/6816