CVE-2018-20460 (NVD)

2018-12-25

In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file.

Products Radare2
Type Out-of-bounds Write (CWE-787)
First patch https://github.com/radare/radare2/commit/df167c7db545953bb7f71c72e98e7a3ca0c793bf
Relevant file/s ./libr/asm/arch/arm/armass64.c (modified, +4)
Links https://github.com/radare/radare2/issues/12376

radare2 - Tree: df167c7db5

(? files)

Filter Settings
Files
Navigation
Patch data:

(on by default)


Patched area: