Candidate: CVE-2017-16359
PublicDate: 2017-11-01 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16359
 https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e
 https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882
 https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d
 https://github.com/radare/radare2/issues/8764
Description:
 In radare 2.0.1, a pointer wraparound vulnerability exists in
 store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/radare2/+bug/1882889
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]


Patches_radare2:
upstream_radare2: needs-triage
precise/esm_radare2: DNE
trusty_radare2: not-affected (code not present)
trusty/esm_radare2: DNE (trusty was not-affected [code not present])
xenial_radare2: not-affected (code not present)
zesty_radare2: ignored (reached end-of-life)
artful_radare2: ignored (reached end-of-life)
bionic_radare2: not-affected (2.3.0+dfsg-2)
cosmic_radare2: not-affected (2.3.0+dfsg-2)
devel_radare2: not-affected (2.3.0+dfsg-2)