CVE-2017-9520
- Source
- https://cve.org/CVERecord?id=CVE-2017-9520
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9520.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-9520
- Downstream
- Published
- 2017-06-08T14:29:00.297Z
- Modified
- 2026-04-11T03:11:37.714893Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The rconfigset function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file.
- References
Affected packages
Git / github.com/radare/radare2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/radare/radare2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "1.5.0" } ] }
- Type
- GIT
- Repo
- https://github.com/radareorg/radare2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9
1.*
1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git
1.4.0
1.5.0
Other
radare2-windows-nightly
termux
Database specific
vanir_signatures
[
{
"digest": {
"function_hash": "176287331169048068014519446979246965043",
"length": 893.0
},
"id": "CVE-2017-9520-1463369f",
"signature_type": "Function",
"source": "https://github.com/radareorg/radare2/commit/f85bc674b2a2256a364fe796351bc1971e106005",
"deprecated": false,
"target": {
"function": "r_core_bin_set_env",
"file": "libr/core/cbin.c"
},
"signature_version": "v1"
},
{
"digest": {
"function_hash": "79059203780100655889398475173598585289",
"length": 1930.0
},
"id": "CVE-2017-9520-be45c11b",
"signature_type": "Function",
"source": "https://github.com/radareorg/radare2/commit/f85bc674b2a2256a364fe796351bc1971e106005",
"deprecated": false,
"target": {
"function": "r_config_set",
"file": "libr/config/config.c"
},
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"183791960127587604471889937694274189674",
"57223251238555722903857489874342925678",
"151346299546101784559683188854030576818",
"9469576686545819922152056240732335509",
"168437269123251131135648102425443210261",
"171268881786570126763085531274021807282",
"183076540113215773977108581591329750216",
"139522883623943474150755828260568668573",
"244228412977303805997622847917959312104",
"90093344064419229953054741697190315777",
"193000678024019727056034168462441056463",
"108551911977570361293114646678935623993",
"135816300997801231492817413148454024734",
"229252909839171956753031330525572505783",
"110058798846098240349233660364733601142"
]
},
"id": "CVE-2017-9520-cc79945f",
"signature_type": "Line",
"source": "https://github.com/radareorg/radare2/commit/f85bc674b2a2256a364fe796351bc1971e106005",
"deprecated": false,
"target": {
"file": "libr/core/cbin.c"
},
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"308598182805312281522945467344897079410",
"8760821368833630665576212967798831100",
"185133641519768264065842165951575381637",
"307771205038602884228326919546396902459",
"37003960473275799048736045447338720011"
]
},
"id": "CVE-2017-9520-dfab808d",
"signature_type": "Line",
"source": "https://github.com/radareorg/radare2/commit/f85bc674b2a2256a364fe796351bc1971e106005",
"deprecated": false,
"target": {
"file": "libr/config/config.c"
},
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9520.json"
vanir_signatures_modified
"2026-04-11T03:11:37Z"