CVE-2018-15834
MEDIUMradare2 < 2.9.0 - Heap Overflow via Crafted FLIRT Signature File
Title source: llmDescription
In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/radare/radare2/pull/11300
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/radare/radare2/issues/11274
Scores
CVSS v3
5.5
EPSS
0.0015
EPSS Percentile
34.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-787
Status
published
Products (1)
radare/radare2
< 2.9.0
Published
Sep 12, 2018
Tracked Since
Feb 18, 2026