Description
iaito is a Qt and C++ GUI for radare2. It is the continuation of Cutter before the fork to keep radare2 as backend. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience at mind. The iaito is created by reverse engineers for reverse engineers. Focus on supporting latest version of radare2. Recommend the use of system installed libraries/radare2. Closer integration between r2 and the UI.
Affected Package
Related
{"id": "FEDORA:EB042314C7B5", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 34 Update: iaito-5.2.2-3.fc34", "description": "iaito is a Qt and C++ GUI for radare2. It is the continuation of Cutter before the fork to keep radare2 as backend. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience at mind. The iaito is created by reverse engineers for reverse engineers. Focus on supporting latest version of radare2. Recommend the use of system installed libraries/radare2. Closer integration between r2 and the UI. ", "published": "2021-06-21T01:04:02", "modified": "2021-06-21T01:04:02", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y3S7JB46PONPHXZHIMR2XDPLGJCN5ZIX/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2021-32613"], "immutableFields": [], "lastseen": "2021-07-28T14:46:52", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-32613"]}, {"type": "archlinux", "idList": ["ASA-202106-40"]}, {"type": "cve", "idList": ["CVE-2021-32613"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-32613"]}, {"type": "fedora", "idList": ["FEDORA:31B3D318C313", "FEDORA:3A0993160657", "FEDORA:74C3230B9331"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-32613"]}], "rev": 4}, "score": {"value": 4.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-32613"]}, {"type": "archlinux", "idList": ["ASA-202106-40"]}, {"type": "cve", "idList": ["CVE-2021-32613"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-32613"]}, {"type": "fedora", "idList": ["FEDORA:31B3D318C313", "FEDORA:3A0993160657", "FEDORA:74C3230B9331"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-32613"]}]}, "exploitation": null, "vulnersScore": 4.7}, "_state": {"dependencies": 0}, "_internal": {}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "34", "arch": "any", "packageVersion": "5.2.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "iaito"}]}
{"debiancve": [{"lastseen": "2021-12-14T17:52:17", "description": "In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-05-14T13:15:00", "type": "debiancve", "title": "CVE-2021-32613", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32613"], "modified": "2021-05-14T13:15:00", "id": "DEBIANCVE:CVE-2021-32613", "href": "https://security-tracker.debian.org/tracker/CVE-2021-32613", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:21:05", "description": "In radare2 through 5.3.0 there is a double free vulnerability in the pyc\nparse via a crafted file which can lead to DoS.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-05-14T00:00:00", "type": "ubuntucve", "title": "CVE-2021-32613", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32613"], "modified": "2021-05-14T00:00:00", "id": "UB:CVE-2021-32613", "href": "https://ubuntu.com/security/CVE-2021-32613", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-04-26T00:39:18", "description": "In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-05-14T13:15:00", "type": "cve", "title": "CVE-2021-32613", "cwe": ["CWE-415"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32613"], "modified": "2022-04-25T20:03:00", "cpe": ["cpe:/a:radare:radare2:5.3.0", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34"], "id": "CVE-2021-32613", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32613", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:a:radare:radare2:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2021-07-28T14:46:52", "description": "The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and function levels. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-21T00:54:33", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: radare2-5.3.1-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32613"], "modified": "2021-06-21T00:54:33", "id": "FEDORA:74C3230B9331", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IA7NT6OS4WJLG6UUV7GQKQT3AXOC6GVP/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and function levels. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-21T01:04:03", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: radare2-5.3.1-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32613"], "modified": "2021-06-21T01:04:03", "id": "FEDORA:31B3D318C313", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/V2UL4V4XKSFJVNNUMFV443UJXGDBYGS4/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "iaito is a Qt and C++ GUI for radare2. It is the continuation of Cutter before the fork to keep radare2 as backend. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience at mind. The iaito is created by reverse engineers for reverse engineers. Focus on supporting latest version of radare2. Recommend the use of system installed libraries/radare2. Closer integration between r2 and the UI. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-21T00:54:33", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: iaito-5.2.2-3.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32613"], "modified": "2021-06-21T00:54:33", "id": "FEDORA:3A0993160657", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/W3LPB5VGCIA7WA55FSB3YZQFUGZKWD7O/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "archlinux": [{"lastseen": "2021-07-28T14:33:53", "description": "Arch Linux Security Advisory ASA-202106-40\n==========================================\n\nSeverity: Low\nDate : 2021-06-15\nCVE-ID : CVE-2021-32613\nPackage : radare2\nType : denial of service\nRemote : No\nLink : https://security.archlinux.org/AVG-1950\n\nSummary\n=======\n\nThe package radare2 before version 5.3.1-1 is vulnerable to denial of\nservice.\n\nResolution\n==========\n\nUpgrade to 5.3.1-1.\n\n# pacman -Syu \"radare2>=5.3.1-1\"\n\nThe problem has been fixed upstream in version 5.3.1.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nIn radare2 through 5.3.0 there is a double free vulnerability in the\npyc parser via a crafted file which can lead to denial of service.\n\nImpact\n======\n\nA crafted Python bytecode file could crash the parser.\n\nReferences\n==========\n\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1959939\nhttps://github.com/radareorg/radare2/issues/18679\nhttps://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc\nhttps://security.archlinux.org/CVE-2021-32613", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-06-15T00:00:00", "type": "archlinux", "title": "[ASA-202106-40] radare2: denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32613"], "modified": "2021-06-15T00:00:00", "id": "ASA-202106-40", "href": "https://security.archlinux.org/ASA-202106-40", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2022-06-10T16:55:57", "description": "radare2 is vulnerable to denial of service. The vulnerability exists due to a double free vulnerability in the pyc parse.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-12-14T20:34:07", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32613"], "modified": "2021-12-15T16:29:06", "id": "VERACODE:33331", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33331/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "alpinelinux": [{"lastseen": "2021-10-20T20:34:22", "description": "In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-05-14T13:15:00", "type": "alpinelinux", "title": "CVE-2021-32613", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32613"], "modified": "2021-07-30T15:15:00", "id": "ALPINE:CVE-2021-32613", "href": "https://security.alpinelinux.org/vuln/CVE-2021-32613", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}
[SECURITY] Fedora 34 Update: iaito-5.2.2-3.fc34
