V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2019-19647
DEB
High

radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to…

CVSS
7.8
High
EPSS
0.02
p72
Published
2019-01-01
Updated
2019-01-01
Description

radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.

Tags · CWE
CWE-476
Affected products
Fedora
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Timeline
2019-01-01
Published
2019-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: L
Local (L)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: R
Required (R)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.016 · p72
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Debian
Radare2
Canonical
Radare2
Fedoraproject
Fedora
Radare
Radare2
ProductVendorStatus
radare2Tracked
radare2Tracked
radare2Tracked
radare2Tracked
radare2Tracked
radare2Tracked
radare2Tracked
radare2Tracked
radare2Tracked
radare2Tracked
radare2Tracked
radare2Tracked
radare2Tracked
radare2Tracked
radare2Tracked
fedora*Tracked
radare2*Tracked
Source databases
DEB
CVE
UBU