Source: radare2
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for radare2.

CVE-2021-44975[0]:
| radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via
| /libr/core/anal_objc.c mach-o parser.

https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
Fixed in 5.6.0

CVE-2021-44974[1]:
| radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer
| Dereference via libr/bin/p/bin_symbols.c binary symbol parser.

https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/
Fixed in 5.5.4

CVE-2021-4021[2]:
| A vulnerability was found in Radare2 in versions prior to 5.6.2,
| 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an
| ELF64 binary for MIPS architecture can lead to uncontrolled resource
| consumption and DoS.

https://github.com/radareorg/radare2/issues/19436
https://github.com/radareorg/radare2/commit/3fed0e322d9374891a3412811e5270dc535cea02

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-44975
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44975
[1] https://security-tracker.debian.org/tracker/CVE-2021-44974
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44974
[2] https://security-tracker.debian.org/tracker/CVE-2021-4021
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4021

Please adjust the affected versions in the BTS as needed.