Bug 2245328 (CVE-2023-5686) - CVE-2023-5686 radare2: heap-buffer-overflow in /radare2/shlr/java/code.c:211:21 in java_print_opcode
Summary: CVE-2023-5686 radare2: heap-buffer-overflow in /radare2/shlr/java/code.c:211:...
Keywords:
Status: NEW
Alias: CVE-2023-5686
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2245329 2245330
Blocks:
 
Reported: 2023-10-20 20:07 UTC by Robb Gatica
Modified: 2023-10-20 20:11 UTC

Fixed In Version: radare2 5.9.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Robb Gatica 2023-10-20 20:07:36 UTC
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. According to comments in the Huntr bug report and GitHub commit, this is an OOB read in the heap, which causes UB when disassembling an instruction using the Java decoder. So it may not be exploitable because it just returns an invalid value instead of "not enough bytes to decode the instruction". The issue has been fixed in radare2 5.9.0.

References:
- https://github.com/radareorg/radare2/commit/1bdda93e348c160c84e30da3637acef26d0348de
- https://huntr.com/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0
- https://nvd.nist.gov/vuln/detail/CVE-2023-5686
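
Added illustration of the failure mode described above; this is constructed example code, not radare2's decoder and not code from the Huntr report or the fix commit. The opcode values are the JVM's, but the opcode subset, the function names (java_print_opcode_unchecked, java_print_opcode_checked, decode_text_at, decode_len_at) and the sample byte string are this example's own. The unchecked variant formats an instruction by reading operand bytes without knowing how many bytes actually remain, so a buffer that ends mid-instruction turns into a heap out-of-bounds read; the checked variant takes the remaining length and returns -1 ("not enough bytes to decode the instruction") instead of decoding whatever lies past the end of the allocation.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical decoder (not radare2's code). Opcode numbers follow the JVM
 * specification; the subset and all function names are this example's own. */
enum {
    OP_NOP = 0x00, OP_BIPUSH = 0x10, OP_SIPUSH = 0x11, OP_ILOAD = 0x15,
    OP_IINC = 0x84, OP_GOTO = 0xa7, OP_IRETURN = 0xac
};

/* Number of operand bytes that follow the opcode byte; -1 for opcodes this
 * example does not know. */
int java_operand_size(uint8_t op) {
    switch (op) {
    case OP_NOP: case OP_IRETURN:               return 0;
    case OP_BIPUSH: case OP_ILOAD:              return 1;
    case OP_SIPUSH: case OP_GOTO: case OP_IINC: return 2;
    default:                                    return -1;
    }
}

/* Vulnerable shape: formats the instruction at buf[0] and reads operands
 * from buf[1..] without being told how many bytes are really there. When the
 * buffer ends in the middle of an instruction, the operand reads run past the
 * end of the heap allocation (out-of-bounds read, undefined behaviour). */
int java_print_opcode_unchecked(const uint8_t *buf, char *out, size_t outsz) {
    switch (buf[0]) {
    case OP_NOP:     snprintf(out, outsz, "nop");                             return 1;
    case OP_IRETURN: snprintf(out, outsz, "ireturn");                         return 1;
    case OP_BIPUSH:  snprintf(out, outsz, "bipush %d", (int)(int8_t)buf[1]);  return 2;
    case OP_ILOAD:   snprintf(out, outsz, "iload %u", (unsigned)buf[1]);      return 2;
    case OP_SIPUSH:  snprintf(out, outsz, "sipush %d",
                              (int)(int16_t)((buf[1] << 8) | buf[2]));        return 3;
    case OP_GOTO:    snprintf(out, outsz, "goto %d",
                              (int)(int16_t)((buf[1] << 8) | buf[2]));        return 3;
    case OP_IINC:    snprintf(out, outsz, "iinc %u, %d", (unsigned)buf[1],
                              (int)(int8_t)buf[2]);                           return 3;
    default:         snprintf(out, outsz, "invalid");                         return -1;
    }
}

/* Hardened shape: the caller passes the number of bytes that remain, and the
 * decoder refuses to touch operands it does not have. A truncated instruction
 * is reported as -1 ("not enough bytes") instead of being decoded from memory
 * beyond the buffer. Only after the check does it delegate to the formatter. */
int java_print_opcode_checked(const uint8_t *buf, size_t len, char *out, size_t outsz) {
    if (len < 1) {
        snprintf(out, outsz, "invalid");
        return -1;
    }
    int operands = java_operand_size(buf[0]);
    if (operands < 0 || len < (size_t)operands + 1) {
        snprintf(out, outsz, "invalid");
        return -1;
    }
    return java_print_opcode_unchecked(buf, out, outsz);
}

/* Constructed sample input: "sipush 256", "iinc 2, -1", then a goto that is
 * cut off after one of its two offset bytes (the truncated case). */
const uint8_t sample_code[] = { OP_SIPUSH, 0x01, 0x00, OP_IINC, 0x02, 0xff, OP_GOTO, 0x00 };
const size_t sample_code_len = sizeof sample_code;

/* Decoded text of the instruction at offset off (static buffer). */
const char *decode_text_at(const uint8_t *buf, size_t len, size_t off) {
    static char text[32];
    if (off >= len) return "invalid";
    java_print_opcode_checked(buf + off, len - off, text, sizeof text);
    return text;
}

/* Length of the instruction at offset off, or -1 if it cannot be decoded. */
int decode_len_at(const uint8_t *buf, size_t len, size_t off) {
    char text[32];
    if (off >= len) return -1;
    return java_print_opcode_checked(buf + off, len - off, text, sizeof text);
}

int main(void) {
    size_t off = 0;
    while (off < sample_code_len) {
        int n = decode_len_at(sample_code, sample_code_len, off);
        printf("%04zx: %s\n", off, decode_text_at(sample_code, sample_code_len, off));
        if (n < 0) {
            printf("      stopped: not enough bytes to decode the instruction\n");
            break;
        }
        off += (size_t)n;
    }
    return 0;
}
```

The length check belongs inside the decoder, since every caller that hands it a slice of a heap buffer (a class file being disassembled, a fuzzer-supplied blob) would otherwise have to repeat it. The -1 return also has to be honoured by the disassembly loop: advancing by a fixed one byte on "invalid" and continuing would turn a single truncated instruction into a stream of misdecoded ones.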

Comment 1 Robb Gatica 2023-10-20 20:07:54 UTC
Created radare2 tracking bugs for this issue:

Affects: epel-all [bug 2245329]
Affects: fedora-all [bug 2245330]

