Hi,

On Tue, Mar 28, 2017 at 06:37:19AM +0200, Salvatore Bonaccorso wrote:
> CVE-2017-7274[0]:
> | The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0
> | allows remote attackers to cause a denial of service (NULL pointer
> | dereference and application crash) via a crafted PE file.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Thanks for the bug report. I just uploaded a fixed release to experimental.

> AFAICS the version in sid is not affected, since the corresponding
> parsers were added only in 1.3.0. Would be great if you can confirm.

Ack.

-- 
Sebastian