Vulnerabilities > CVE-2019-19647 - NULL Pointer Dereference vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

radare

fedoraproject

CWE-476

nessus

NVD

Published: 2019-12-09

Updated: 2023-11-07

Summary

radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.

Vulnerable Configurations

Part	Description	Count
Application	Radare Radare Radare2 0.8.6 Radare Radare2 0.8.8 Radare Radare2 0.9 Radare Radare2 0.9.2 Radare Radare2 0.9.4 Radare Radare2 0.9.6 Radare Radare2 0.9.7 Radare Radare2 0.9.7.3-1 Radare Radare2 0.9.8 Radare Radare2 0.9.9 Radare Radare2 0.10.0 Radare Radare2 0.10.1 Radare Radare2 0.10.2 Radare Radare2 0.10.3 Radare Radare2 0.10.4 Radare Radare2 0.10.5 Radare Radare2 0.10.6 Radare Radare2 1.0 Radare Radare2 1.0.1 Radare Radare2 1.0.2 Radare Radare2 1.1.0 Radare Radare2 1.2.0 Radare Radare2 1.2.1 Radare Radare2 1.3.0 Radare Radare2 1.4.0 Radare Radare2 1.5.0 Radare Radare2 1.6.0 Radare Radare2 2.0.0 Radare Radare2 2.0.1 Radare Radare2 2.1.0 Radare Radare2 2.2.0 Radare Radare2 2.3.0 Radare Radare2 2.4.0 Radare Radare2 2.5.0 Radare Radare2 2.6.0 Radare Radare2 2.6.9 Radare Radare2 2.7.0 Radare Radare2 2.8.0 Radare Radare2 2.9.0 Radare Radare2 3.0.0 Radare Radare2 3.0.1 Radare Radare2 3.1.0 Radare Radare2 3.1.1 Radare Radare2 3.1.2 Radare Radare2 3.1.3 Radare Radare2 3.2.0 Radare Radare2 3.2.1 Radare Radare2 3.3.0 Radare Radare2 3.4.0 Radare Radare2 3.4.1 Radare Radare2 3.5.0 Radare Radare2 3.5.1 Radare Radare2 3.7.0 Radare Radare2 3.7.1 Radare Radare2 3.8.0 Radare Radare2 3.9.0 Radare Radare2 4.0.0	62
OS	Fedoraproject Fedoraproject Fedora 30 Fedoraproject Fedora 31	2

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2020-4A3FF78BA5.NASL
description	Rebase to radare2-4.2.1 and cutter-re 1.10.1. It fixes CVE-2019-19590 and CVE-2019-19547. It also fix a problem in cutter-re that did not display the window icon on Wayland. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	133703
published	2020-02-14
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133703
title	Fedora 30 : cutter-re / radare2 (2020-4a3ff78ba5)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2020-ACD8CDB08D.NASL
description	Rebase to radare2-4.2.1 and cutter-re 1.10.1. It fixes CVE-2019-19590 and CVE-2019-19547. It also fix a problem in cutter-re that did not display the window icon on Wayland. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	133705
published	2020-02-14
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133705
title	Fedora 31 : cutter-re / radare2 (2020-acd8cdb08d)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References