CVE-2017-6197

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-6197
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6197.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-6197
Downstream
Published
2017-02-24T04:59:00.217Z
Modified
2025-11-20T10:42:51.077228Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.

References

Affected packages

Git / github.com/radare/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radare/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Git / github.com/radareorg/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radareorg/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9

1.*

1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git

Other

radare2-windows-nightly
termux

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 179.0,
            "function_hash": "17106255373911494429570082188668147584"
        },
        "signature_version": "v1",
        "source": "https://github.com/radareorg/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989",
        "target": {
            "file": "libr/include/r_endian.h",
            "function": "r_read_le16"
        },
        "id": "CVE-2017-6197-3fa57bdd"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 251.0,
            "function_hash": "56521480330843665188637392779150303898"
        },
        "signature_version": "v1",
        "source": "https://github.com/radareorg/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989",
        "target": {
            "file": "libr/include/r_endian.h",
            "function": "r_read_le32"
        },
        "id": "CVE-2017-6197-4e5a4146"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 85.0,
            "function_hash": "240859338887134180524976400952593795423"
        },
        "signature_version": "v1",
        "source": "https://github.com/radareorg/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989",
        "target": {
            "file": "libr/include/r_endian.h",
            "function": "r_read_ble8"
        },
        "id": "CVE-2017-6197-6f574cc5"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/radareorg/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989",
        "target": {
            "file": "libr/include/r_endian.h"
        },
        "id": "CVE-2017-6197-a12de820"
    }
]