Candidate: CVE-2019-19590
PublicDate: 2019-12-05 02:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19590
 https://github.com/radareorg/radare2/issues/15543
Description:
 In radare2 through 4.0, there is an integer overflow for the variable
 new_token_size in the function r_asm_massemble at libr/asm/asm.c. This
 integer overflow will result in a Use-After-Free for the buffer tokens,
 which can be filled with arbitrary malicious data after the free. This
 allows remote attackers to cause a denial of service (application crash) or
 possibly execute arbitrary code via crafted input.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889
 https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889
 https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_radare2:
 upstream: https://github.com/radareorg/radare2/commit/9bbc63ffa0e93aa054e262cdfb973326935a2d70
upstream_radare2: released (4.1.0)
precise/esm_radare2: DNE
trusty_radare2: ignored (out of standard support)
trusty/esm_radare2: DNE
xenial_radare2: ignored (end of standard support, was needed)
bionic_radare2: needed
disco_radare2: ignored (reached end-of-life)
eoan_radare2: ignored (reached end-of-life)
focal_radare2: not-affected (4.2.1+dfsg-1)
groovy_radare2: not-affected (4.2.1+dfsg-1)
hirsute_radare2: DNE
impish_radare2: DNE
jammy_radare2: DNE
devel_radare2: DNE