CVE-2021-32613

Published: May 14, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.

Affected (3)

Products: Radare: Radare2 · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Radare Radare2	Up to 5.3.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (16)

https://bugzilla.redhat.com/show_bug.cgi?id=1959939

Source: patrick@puiterwijk.org

Issue TrackingPatchThird Party Advisory

https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05

Source: patrick@puiterwijk.org

PatchThird Party Advisory

https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62

Source: patrick@puiterwijk.org

PatchThird Party Advisory

https://github.com/radareorg/radare2/issues/18666

Source: patrick@puiterwijk.org

ExploitIssue TrackingPatchThird Party Advisory

https://github.com/radareorg/radare2/issues/18667

Source: patrick@puiterwijk.org

ExploitIssue TrackingPatchThird Party Advisory

https://github.com/radareorg/radare2/issues/18679

Source: patrick@puiterwijk.org

ExploitIssue TrackingPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3LPB5VGCIA7WA55FSB3YZQFUGZKWD7O/

Source: patrick@puiterwijk.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3S7JB46PONPHXZHIMR2XDPLGJCN5ZIX/

Source: patrick@puiterwijk.org

https://bugzilla.redhat.com/show_bug.cgi?id=1959939

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/radareorg/radare2/issues/18666

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://github.com/radareorg/radare2/issues/18667

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://github.com/radareorg/radare2/issues/18679

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3LPB5VGCIA7WA55FSB3YZQFUGZKWD7O/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3S7JB46PONPHXZHIMR2XDPLGJCN5ZIX/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.