CVE-2023-47016

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.

radare2 5.8.9 tiene una lectura fuera de los límites en r_bin_object_set_items en libr/bin/bobj.c, lo que provoca un bloqueo en r_read_le32 en libr/include/r_endian.h.

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-10-30 CVE Reserved
2023-11-22 CVE Published
2024-10-11 CVE Updated
2024-10-11 First Exploit
2024-10-22 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC
https://gist.github.com/gandalf4a/65705be4f84269cb7cd725a1d4ab2ffa	2024-10-11
https://github.com/radareorg/radare2/issues/22349	2024-10-11

URL	Date	SRC
https://github.com/radareorg/radare2/commit/40c9f50e127be80b9d816bce2ab2ee790831aefd	2023-11-29

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Radare Search vendor "Radare"		Radare2 Search vendor "Radare" for product "Radare2"				< 5.9.0 Search vendor "Radare" for product "Radare2" and version " < 5.9.0"		-		Affected