radare2 5.8.9 libr/bin/bobj.c r_bin_object_set_items out-of-bounds

Summaryinfo

A vulnerability labeled as problematic has been found in radare2 5.8.9. This affects the function r_bin_object_set_items of the file libr/bin/bobj.c. Executing a manipulation can lead to out-of-bounds. This vulnerability is tracked as CVE-2023-47016. No exploit exists.

Detailsinfo

A vulnerability classified as problematic was found in radare2 5.8.9 (Programming Tool Software). This vulnerability affects the function r_bin_object_set_items of the file libr/bin/bobj.c. The manipulation with an unknown input leads to a out-of-bounds vulnerability. The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality. CVE summarizes:

radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.

The weakness was disclosed 11/22/2023. The advisory is available at github.com. This vulnerability was named CVE-2023-47016 since 10/30/2023. Technical details are known, but there is no available exploit.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-51173). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Programming Tool Software

Name

• radare2

Version

• 5.8.9

License

• open-source

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion