VDB-99252 · CVE-2017-6448 · BID 97313

radare2 1.2.1 DEX File libr/asm/p/asm_dalvik.c dalvik_disassemble memory corruption

A vulnerability classified as critical has been found in radare2 1.2.1. Affected is the function dalvik_disassemble of the file libr/asm/p/asm_dalvik.c of the component DEX File Handler. The manipulation leads to memory corruption. The weakness is classified as CWE-119. The bug was discovered 05/05/2017. The weakness was disclosed 04/03/2017 as commit f41e941341e44aa86edd4483c4487ec09a074257 (GitHub Repository). The advisory is shared for download at github.com. This vulnerability is tracked as CVE-2017-6448.

Local access is required to approach this attack. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. The exploitability is declared as not defined. As 0-day the estimated underground price was around $0-$5k.

The vulnerability scanner Nessus provides a plugin with the ID 99422 (Debian DLA-901-1 : radare2 security update), which helps to determine the existence of the flaw in a target environment. The bugfix is ready for download at github.com. It is recommended to upgrade the affected component. A possible mitigation has been published 2 weeks after the disclosure of the vulnerability. The vulnerability is also documented in other vulnerability databases: SecurityFocus (BID 97313) and Tenable (99422).

| Field | 04/03/2017 05:00 PM | 08/25/2020 01:02 PM | 11/24/2022 06:51 PM |
|---|---|---|---|
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | M | M | M |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | P | P | P |
| cvss2_nvd_ii | P | P | P |
| cvss2_nvd_ai | P | P | P |
| cvss3_meta_basescore | 6.5 | 6.5 | 6.5 |
| cvss3_meta_tempscore | 5.8 | 5.8 | 6.2 |
| cvss3_vuldb_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 4.7 | 4.7 | 4.7 |
| cvss3_vuldb_av | L | L | L |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_nvd_av | L | L | L |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | N | N | N |
| cvss3_nvd_ui | R | R | R |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | H | H | H |
| cvss3_nvd_a | H | H | H |
| date | 1491177600 (04/03/2017) | 1491177600 (04/03/2017) | 1491177600 (04/03/2017) |
| location | GitHub Repository | GitHub Repository | GitHub Repository |
| url | https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257 | https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257 | https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve | CVE-2017-6448 | CVE-2017-6448 | CVE-2017-6448 |
| cve_assigned | 1488499200 (03/03/2017) | 1488499200 (03/03/2017) | 1488499200 (03/03/2017) |
| cve_nvd_published | 1491177600 | 1491177600 | 1491177600 |
| cve_nvd_summary | The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file. | The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file. | The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file. |
| securityfocus | 97313 | 97313 | 97313 |
| securityfocus_title | radare2 CVE-2017-6448 Stack Buffer Overflow Vulnerability | radare2 CVE-2017-6448 Stack Buffer Overflow Vulnerability | radare2 CVE-2017-6448 Stack Buffer Overflow Vulnerability |
| nessus_id | 99422 | 99422 | 99422 |
| nessus_name | Debian DLA-901-1 : radare2 security update | Debian DLA-901-1 : radare2 security update | Debian DLA-901-1 : radare2 security update |
| nessus_filename | debian_DLA-901.nasl | debian_DLA-901.nasl | debian_DLA-901.nasl |
| nessus_risk | Medium | Medium | Medium |
| nessus_family | Debian Local Security Checks | Debian Local Security Checks | Debian Local Security Checks |
| nessus_type | local | local | local |
| nessus_date | 1492473600 (04/18/2017) | 1492473600 (04/18/2017) | 1492473600 (04/18/2017) |
| openvas_id | 65482 | 65482 | 65482 |
| openvas_filename | deb_dla_901.nasl | deb_dla_901.nasl | deb_dla_901.nasl |
| openvas_title | Debian LTS Advisory ([SECURITY] [DLA 901-1] radare2 security update) | Debian LTS Advisory ([SECURITY] [DLA 901-1] radare2 security update) | Debian LTS Advisory ([SECURITY] [DLA 901-1] radare2 security update) |
| openvas_family | Debian Local Security Checks | Debian Local Security Checks | Debian Local Security Checks |
| seealso | 99250 | 99250 | 99250 |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | UC | UC | UC |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | U | U | U |
| reaction_days | 14 | 14 | 14 |
| exposure_days | 14 | 14 | 14 |
| cvss3_nvd_basescore | 7.8 | 7.8 | 7.8 |
| type | Programming Tool Software | Programming Tool Software | Programming Tool Software |
| name | radare2 | radare2 | radare2 |
| version | 1.2.1 | 1.2.1 | 1.2.1 |
| component | DEX File Handler | DEX File Handler | DEX File Handler |
| file | libr/asm/p/asm_dalvik.c | libr/asm/p/asm_dalvik.c | libr/asm/p/asm_dalvik.c |
| function | dalvik_disassemble | dalvik_disassemble | dalvik_disassemble |
| cwe | 119 (memory corruption) | 119 (memory corruption) | 119 (memory corruption) |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 6.8 | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 5.3 | 5.3 | 5.3 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| confirm_url | | https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257 | https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257 |
| name | | Upgrade | Upgrade |
| date | | 1492387200 (04/17/2017) | 1492387200 (04/17/2017) |
| osvdb_title | | CVE-2017-6448 - radare2 - Buffer Overflow Issue | CVE-2017-6448 - radare2 - Buffer Overflow Issue |
| securityfocus_date | | 1491177600 (04/03/2017) | 1491177600 (04/03/2017) |
| securityfocus_class | | Boundary Condition Error | Boundary Condition Error |
| discoverydate | | 1493942400 | 1493942400 |
| identifier | | | f41e941341e44aa86edd4483c4487ec09a074257 |
| patch_url | | | https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257 |
| cvss2_nvd_basescore | | | 6.8 |
