Memory Corruption Vulnerability in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in radare 2.0.1
CVE-2017-16357 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.
Learn more about our Web Application Penetration Testing UK.