CVE-2017-16359 - Vulnerability Details - OpenCVE

Description

In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.

Published: 2017-11-01

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2017-7553	In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00193.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e
https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882
https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d
https://github.com/radare/radare2/issues/8764

History

No history.

Subscriptions

Radare Radare2

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-11-01T17:00:00.000Z

Updated: 2024-09-17T03:59:30.697Z

Reserved: 2017-11-01T00:00:00.000Z

Link: CVE-2017-16359

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-11-01T17:29:00.477

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-16359

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-01T17:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/radare/radare2/issues/8764"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-16359", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e", "refsource": "CONFIRM", "url": "https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e"}, {"name": "https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882", "refsource": "CONFIRM", "url": "https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882"}, {"name": "https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d", "refsource": "CONFIRM", "url": "https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d"}, {"name": "https://github.com/radare/radare2/issues/8764", "refsource": "CONFIRM", "url": "https://github.com/radare/radare2/issues/8764"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:27:04.032Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/radare/radare2/issues/8764"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-16359", "datePublished": "2017-11-01T17:00:00.000Z", "dateReserved": "2017-11-01T00:00:00.000Z", "dateUpdated": "2024-09-17T03:59:30.697Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:radare:radare2:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5B4DFB4-18C8-413E-8953-1E7359DAC6EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c."}, {"lang": "es", "value": "Existe una vulnerabilidad de envoltura de puntero (pointer wraparound) en radare 2.0.1 en store_versioninfo_gnu_verdef() en libr/bin/format/elf/elf.c."}], "id": "CVE-2017-16359", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-01T17:29:00.477", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/radare/radare2/issues/8764"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/radare/radare2/issues/8764"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}