CVE-2017-7946

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-7946
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7946.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-7946
Published
2017-04-18T20:59:00.200Z
Modified
2025-11-20T21:00:09.769416Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

The getrelocs64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file.

References

Affected packages

Git / github.com/radare/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radare/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Git / github.com/radareorg/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radareorg/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9

1.*

1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git

Other

radare2-windows-nightly
termux

Database specific

vanir_signatures

[
    {
        "id": "CVE-2017-7946-6db834f8",
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/radareorg/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92",
        "target": {
            "file": "libr/bin/format/mach0/mach0.c"
        }
    }
]