Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-19647

radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.

Related bugs and status

CVE-2019-19647 (Candidate) is related to these bugs:

Bug #1882889: Update vulnerable radare2 on 16.04, 18.04, 19.10

Summary				In	Importance	Status
	1882889	Update vulnerable radare2 on 16.04, 18.04, 19.10		radare2 (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/rad...
FEDORA: FEDORA-2020-4a3ff78ba5
FEDORA: FEDORA-2020-acd8cdb08d