Candidate: CVE-2017-15931
PublicDate: 2017-10-27 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15931
 https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd
 https://github.com/radare/radare2/issues/8731
Description:
 In radare2 2.0.1, an integer exception (negative number leading to an
 invalid memory access) exists in store_versioninfo_gnu_verneed() in
 libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880025
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_radare2:
upstream_radare2: released (2.1.0+dfsg-1)
precise/esm_radare2: DNE
trusty_radare2: not-affected (code not present)
trusty/esm_radare2: DNE (trusty was not-affected [code not present])
xenial_radare2: not-affected (code not present)
zesty_radare2: ignored (reached end-of-life)
artful_radare2: ignored (reached end-of-life)
bionic_radare2: not-affected (2.3.0+dfsg-2)
cosmic_radare2: not-affected (2.3.0+dfsg-2)
devel_radare2: not-affected (2.3.0+dfsg-2)