Bug 2245328 (CVE-2023-5686) - CVE-2023-5686 radare2: heap-buffer-overflow in /radare2/shlr/java/code.c:211:21 in java_print_opcode
Summary: CVE-2023-5686 radare2: heap-buffer-overflow in /radare2/shlr/java/code.c:211:...
Status: NEW
Alias: CVE-2023-5686
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Product Security
QA Contact:
Depends On: 2245329 2245330
TreeView+ depends on / blocked
Reported: 2023-10-20 20:07 UTC by Robb Gatica
Modified: 2023-10-20 20:11 UTC (History)
0 users

Fixed In Version: radare2 5.9.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Robb Gatica 2023-10-20 20:07:36 UTC
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. According to comments in the Huntr bug report and github commit, this is an OOBREAD in the heap, which causes an UB when disassembling an instruction using the Java decoder. So it may not be exploitable because it just returns an invalid value instead of "not enough bytes to decode the instruction". The issue has been fixed in radare2 5.9.0. 

- https://github.com/radareorg/radare2/commit/1bdda93e348c160c84e30da3637acef26d0348de
- https://huntr.com/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0
- https://nvd.nist.gov/vuln/detail/CVE-2023-5686

Comment 1 Robb Gatica 2023-10-20 20:07:54 UTC
Created radare2 tracking bugs for this issue:

Affects: epel-all [bug 2245329]
Affects: fedora-all [bug 2245330]

Note You need to log in before you can comment on or make changes to this bug.