Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-10187

In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function (libr/anal/p/anal_dalvik.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was patched earlier.

Related bugs and status

CVE-2018-10187 (Candidate) is related to these bugs:

Bug #1882889: Update vulnerable radare2 on 16.04, 18.04, 19.10

Summary				In	Importance	Status
	1882889	Update vulnerable radare2 on 16.04, 18.04, 19.10		radare2 (Ubuntu)	Undecided	Fix Committed

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/rad...