CVE-2017-16359

low-risk
Published 2017-11-01

In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.

Do I need to act?

-
0.19% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Radare

References (8)

Issue Tracking https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0...
Issue Tracking https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac4831388...
Issue Tracking https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243...
Exploit https://github.com/radare/radare2/issues/8764
Issue Tracking https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0...
Issue Tracking https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac4831388...
Issue Tracking https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243...
Exploit https://github.com/radare/radare2/issues/8764
24
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal