[Secure-testing-team] Bug#869423: radare2: CVE-2017-9763
Salvatore Bonaccorso
carnil at debian.org
Sun Jul 23 12:35:55 UTC 2017
Source: radare2
Version: 1.1.0+dfsg-5
Severity: important
Tags: upstream security
Hi,
the following vulnerability was published for radare2, filing the bug
for tracking purposes.
CVE-2017-9763[0]:
| The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before
| 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows
| remote attackers to cause a denial of service (excessive stack use and
| application crash) via a crafted binary file, related to use of a
| variable-size stack array.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9763
Please adjust the affected versions in the BTS as needed.
Salvatore
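An added illustration of the defect class named in the CVE text above (a variable-size stack array sized from a parsed file), next to a bounded heap-based form; this is not code from radare2, GRUB or the original message. The function names, the 64 KiB block-size cap, the `1024 << log` size derivation and the sample buffer are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define MAX_LOG_BLOCK_SIZE 6u /* assumed cap: 1024 << 6 = 64 KiB */

/* Risky pattern: array length taken from the parsed file, so one frame
   can demand an arbitrary amount of stack. Names are hypothetical. */
uint32_t indirect_entry_vla(const uint8_t *blk, size_t blksz, size_t idx)
{
    size_t n = blksz / 4;
    if (n == 0 || idx >= n)
        return 0;
    uint32_t indir[n]; /* variable-size stack array */
    memcpy(indir, blk, n * sizeof indir[0]);
    return indir[idx];
}

/* Hardened: validate the size field before anything is sized from it. */
int block_size_from_log(uint32_t log_block_size, size_t *blksz)
{
    if (log_block_size > MAX_LOG_BLOCK_SIZE)
        return -1;
    *blksz = (size_t)1024 << log_block_size;
    return 0;
}

/* Hardened: bounded size, heap buffer, every failure reported. */
int indirect_entry_heap(const uint8_t *disk, size_t disk_len,
                        uint32_t log_block_size, size_t idx, uint32_t *out)
{
    size_t blksz;
    if (block_size_from_log(log_block_size, &blksz) != 0 ||
        blksz > disk_len || idx >= blksz / 4)
        return -1;
    uint32_t *indir = malloc(blksz);
    if (indir == NULL)
        return -1;
    memcpy(indir, disk, blksz);
    *out = indir[idx];
    free(indir);
    return 0;
}

int main(void)
{
    uint8_t disk[1024] = {0}; /* constructed sample block */
    uint32_t out = 0;
    return indirect_entry_heap(disk, sizeof disk, 0, 0, &out);
}
```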