CVE-2017-6448

HIGH

Radare2 - Memory Corruption

Title source: rule

Description

The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.

References (3)

Core 3

Core References

Patch x_refsource_confirm

https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257

View Patch ZIP pw:eip

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/97313

Issue Tracking, Patch x_refsource_confirm

https://github.com/radare/radare2/issues/6885

Scores

CVSS v3 7.8

EPSS 0.0025

EPSS Percentile 48.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (1)

radare/radare2 1.2.1

Published Apr 03, 2017

Tracked Since Feb 18, 2026