CVE-2023-47016

high

Description

radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.

References

https://github.com/radareorg/radare2/issues/22349

https://github.com/radareorg/radare2/commit/40c9f50e127be80b9d816bce2ab2ee790831aefd

https://gist.github.com/gandalf4a/65705be4f84269cb7cd725a1d4ab2ffa

Details

Source: Mitre, NVD

Published: 2023-11-22

Updated: 2024-10-11

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.00404