Vulnerabilities > CVE-2017-7274 - NULL Pointer Dereference vulnerability in Radare Radare2 1.3.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
References
- http://www.securityfocus.com/bid/97181
- http://www.securityfocus.com/bid/97181
- https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf
- https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf
- https://github.com/radare/radare2/issues/7152
- https://github.com/radare/radare2/issues/7152