Note:
This project will be discontinued after December 13, 2021. [more]
2018-12-25
In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting an input file.
| Products | Radare2 |
| Type | Out-of-bounds Read (CWE-125) |
| First patch |
https://github.com/radare/radare2/commit/4e98402f09a0ef0bb8559a33a4c1988c54938eaf |
| Patches | https://github.com/radareorg/radare2/commit/30f4c7b52a4e2dc0d0b1bae487d90f5437c69d19 |
| Relevant file/s | ./libr/bin/format/mach0/dyldcache.c (modified, +35, -12) |
| Links | https://github.com/radare/radare2/issues/12374 |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: