CVE-2017-7946

MEDIUM

radare2 1.3.0 - Use-After-Free in Mach0 File Parser

Title source: llm

Description

The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file.

References (2)

Core 2

Core References

Issue Tracking, Patch, Third Party Advisory x_refsource_confirm

https://github.com/radare/radare2/issues/7301

Issue Tracking, Patch, Third Party Advisory x_refsource_confirm

https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92

View Patch ZIP pw:eip

Scores

CVSS v3 5.5

EPSS 0.0021

EPSS Percentile 42.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-416

Status published

Products (1)

radare/radare2 1.3.0

Published Apr 18, 2017

Tracked Since Feb 18, 2026