CVE-2019-19590

Name: CVE-2019-19590
Description: In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 947791

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| radare2 (PTS) | jessie | 0.9.6-3.1+deb8u1 | vulnerable |
| | sid | 5.9.0+dfsg-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| radare2 | source | wheezy | (unfixed) | end-of-life | | |
| radare2 | source | (unstable) | 4.2.1+dfsg-1 | | | 947791 |

Notes

[jessie] - radare2 <no-dsa> (Minor issue)
https://github.com/radareorg/radare2/issues/15543
https://github.com/radareorg/radare2/commit/9bbc63ffa0e93aa054e262cdfb973326935a2d70
