Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-10186

In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368.

Related bugs and status

CVE-2018-10186 (Candidate) is related to these bugs:

Bug #1882889: Update vulnerable radare2 on 16.04, 18.04, 19.10

Summary				In	Importance	Status
	1882889	Update vulnerable radare2 on 16.04, 18.04, 19.10		radare2 (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/rad...