Vulnerabilities > CVE-2019-19590 - Use After Free vulnerability in Radare Radare2

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

radare

CWE-416

nessus

NVD

Published: 2019-12-05

Updated: 2023-11-07

Summary

In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input.

Vulnerable Configurations

Part	Description	Count
Application	Radare Radare Radare2 0.8.6 Radare Radare2 0.8.8 Radare Radare2 0.9 Radare Radare2 0.9.2 Radare Radare2 0.9.4 Radare Radare2 0.9.6 Radare Radare2 0.9.7 Radare Radare2 0.9.7.3-1 Radare Radare2 0.9.8 Radare Radare2 0.9.9 Radare Radare2 0.10.0 Radare Radare2 0.10.1 Radare Radare2 0.10.2 Radare Radare2 0.10.3 Radare Radare2 0.10.4 Radare Radare2 0.10.5 Radare Radare2 0.10.6 Radare Radare2 1.0 Radare Radare2 1.0.1 Radare Radare2 1.0.2 Radare Radare2 1.1.0 Radare Radare2 1.2.0 Radare Radare2 1.2.1 Radare Radare2 1.3.0 Radare Radare2 1.4.0 Radare Radare2 1.5.0 Radare Radare2 1.6.0 Radare Radare2 2.0.0 Radare Radare2 2.0.1 Radare Radare2 2.1.0 Radare Radare2 2.2.0 Radare Radare2 2.3.0 Radare Radare2 2.4.0 Radare Radare2 2.5.0 Radare Radare2 2.6.0 Radare Radare2 2.6.9 Radare Radare2 2.7.0 Radare Radare2 2.8.0 Radare Radare2 2.9.0 Radare Radare2 3.0.0 Radare Radare2 3.0.1 Radare Radare2 3.1.0 Radare Radare2 3.1.1 Radare Radare2 3.1.2 Radare Radare2 3.1.3 Radare Radare2 3.2.0 Radare Radare2 3.2.1 Radare Radare2 3.3.0 Radare Radare2 3.4.0 Radare Radare2 3.4.1 Radare Radare2 3.5.0 Radare Radare2 3.5.1 Radare Radare2 3.7.0 Radare Radare2 3.7.1 Radare Radare2 3.8.0 Radare Radare2 3.9.0 Radare Radare2 4.0.0	62

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2020-4A3FF78BA5.NASL
description	Rebase to radare2-4.2.1 and cutter-re 1.10.1. It fixes CVE-2019-19590 and CVE-2019-19547. It also fix a problem in cutter-re that did not display the window icon on Wayland. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	133703
published	2020-02-14
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133703
title	Fedora 30 : cutter-re / radare2 (2020-4a3ff78ba5)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2020-ACD8CDB08D.NASL
description	Rebase to radare2-4.2.1 and cutter-re 1.10.1. It fixes CVE-2019-19590 and CVE-2019-19547. It also fix a problem in cutter-re that did not display the window icon on Wayland. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	133705
published	2020-02-14
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133705
title	Fedora 31 : cutter-re / radare2 (2020-acd8cdb08d)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References