Lucene search

[email protected]CVE-2019-12829

HistoryJun 15, 2019 - 5:29 p.m.

CVE-2019-12829

2019-06-1517:29:10

CWE-787

[email protected]

web.nvd.nist.gov

141

cve-2019-12829

radare2

rparse api

denial of service

application crash

buffer overflows

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.003

Percentile

68.5%

JSON

radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c.

Affected configurations

NVD

Node

radareradare2Range≤3.5.1

VendorProductVersionCPE
radareradare2cpe:/a:radare:radare2::::

Vendor	Product	Version	CPE
radare	radare2		cpe:/a:radare:radare2::::

References

github.com/radare/radare2/issues/14303

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.003

Percentile

68.5%

JSON

Related for CVE-2019-12829

alpinelinux1 osv1 ubuntucve1 cvelist1 debiancve1 veracode1 prion1 nvd1