radare2 '/format/wasm/wasm.c' Heap Buffer Overflow Vulnerability

radare2 is prone to a heap-based buffer-overflow vulnerability .

An attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.

radare2 1.3.0 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 97648
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-7854

Remote: Yes
Local: No
Published: Apr 13 2017 12:00AM
Updated: Apr 14 2017 01:06PM
Credit: Kamil Frankowicz (fumfel)
Vulnerable:

Not Vulnerable:

References:

• Fix crash in fuzzed wasm r2_hoobr_consume_init_expr (radare2)
  
• Heap out of bounds read in consume_init_expr() (radare2)
  

Source: www.securityfocus.com