radare2 up to 5.8.9 nds32-dis.h print_insn32 out-of-bounds

Summaryinfo

A vulnerability, which was classified as problematic, has been found in radare2 up to 5.8.9. Affected by this issue is the function print_insn32 in the library libr/arch/p/nds32/nds32-dis.h. Performing a manipulation results in out-of-bounds. This vulnerability was named CVE-2023-46570. There is no available exploit.

Detailsinfo

A vulnerability classified as problematic has been found in radare2 up to 5.8.9 (Programming Tool Software). This affects the function print_insn32 in the library libr/arch/p/nds32/nds32-dis.h. The manipulation with an unknown input leads to a out-of-bounds vulnerability. CWE is classifying the issue as CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. This is going to have an impact on confidentiality. The summary by CVE is:

An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.

The weakness was presented 10/28/2023 as 22333. It is possible to read the advisory at github.com. This vulnerability is uniquely identified as CVE-2023-46570 since 10/23/2023. Technical details of the vulnerability are known, but there is no available exploit.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-50775). Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Type

• Programming Tool Software

Name

• radare2

Version

• 5.8.0
• 5.8.1
• 5.8.2
• 5.8.3
• 5.8.4
• 5.8.5
• 5.8.6
• 5.8.7
• 5.8.8
• 5.8.9

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion