Source: radare2
Version: 1.3.0+dfsg-1
Severity: important
Tags: security upstream patch
Forwarded: https://github.com/radare/radare2/issues/7152

Hi,

the following vulnerability was published for radare2.

CVE-2017-7274[0]:
| The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0
| allows remote attackers to cause a denial of service (NULL pointer
| dereference and application crash) via a crafted PE file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

AFAICS the version in sid is not affected, since the corresponding
parsers were added only in 1.3.0. Would be great if you can confirm.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7274
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7274
[1] https://github.com/radare/radare2/issues/7152
[2] https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf

Regards,
Salvatore