Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43066
HistorySep 01, 2023 - 8:52 a.m.

Denial Of Service (DoS)

2023-09-0108:52:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
denial of service
buffer overflow
r_read_le32

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.0%

radare2 is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists in the r_read_le32 function in the radare2 codebase. The function is responsible for reading a 32-bit integer from a memory buffer. The vulnerability occurs when the function fails to properly check the size of the buffer which can allow an attacker to overflow the buffer.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.0%