CVE-2018-11377

DEB

Medium

The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and appl…

CVSS

5.5

Medium

EPSS

0.01

p69

Published

2018-01-01

Updated

2018-01-01

Description

The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

Tags · CWE

CWE-125

CAPEC-540

Affected products

Radare2

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Timeline

2018-01-01

Published

2018-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: R

Required (R)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: N

None (N)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.014 · p69

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Product	Vendor	Status
radare2		Tracked
radare2		Tracked
radare2		Tracked
radare2		Tracked
radare2		Tracked
radare2		Tracked
radare2		Tracked
radare2		Tracked
radare2		Tracked
radare2		Tracked
radare2		Tracked
radare2		Tracked
radare2		Tracked
radare2		Tracked
radare2		Tracked
radare2		Tracked
radare2	*	Tracked

Source databases

DEB

CVE

UBU