Alpine: multiple radare2 packages: security update to 4.4.0-r0

critical Tenable Self-Hosted Container Security Plugin ID 406876

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could
allow an attacker to cause a crash, and perform a denail of service attack. (CVE-2020-27793)

- A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead
to modification of unexpected memory locations and potentially causing a crash. (CVE-2020-27794)

- A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command
"adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in
(core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in
ensure_fcn_range (fcn). (CVE-2020-27795)

See Also

https://security.alpinelinux.org/vuln/CVE-2020-27793

https://security.alpinelinux.org/vuln/CVE-2020-27794

https://security.alpinelinux.org/vuln/CVE-2020-27795

Plugin Details

Severity: Critical

ID: 406876

Version: Revision 1.27

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.3

Percentile: 53.04

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C

CVSS Score Source: CVE-2020-27794

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/19/2022

Reference Information

CVE: CVE-2020-27793, CVE-2020-27794, CVE-2020-27795