CVE-2017-9761

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-9761
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9761.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-9761
Downstream
Published
2017-06-19T16:29:00Z
Modified
2025-11-12T13:53:36.670144Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

References

Affected packages

Git / github.com/radare/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radare/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Git / github.com/radareorg/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radareorg/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
00e8f205475332d7842d0f0d1481eeab4e83017c

Affected versions

0.*

0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9

1.*

1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git
1.4.0
1.5.0

Other

radare2-windows-nightly
termux

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/00e8f205475332d7842d0f0d1481eeab4e83017c",
        "id": "CVE-2017-9761-04586457",
        "signature_version": "v1",
        "target": {
            "file": "libr/core/cmd.c"
        },
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "37604999191600832622223433178216934188",
                "28763255715671708014648660434478368179",
                "208763337144852388552834775494961247524",
                "20805309047512446337922431145468529122"
            ]
        }
    },
    {
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/00e8f205475332d7842d0f0d1481eeab4e83017c",
        "id": "CVE-2017-9761-56beb6b3",
        "signature_version": "v1",
        "target": {
            "file": "libr/core/cmd_info.c"
        },
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "145290900243440993499950545229613696343",
                "88961411922877046751006536151401291480",
                "100680420703479351557427311682028415520",
                "142203509474849976540261703092101056146",
                "182902003779155147067859127830738253474",
                "140760668905414946144174903496068182628",
                "307146248319452872976170909102698719733",
                "78911315293238091158040847774608258769"
            ]
        }
    },
    {
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/00e8f205475332d7842d0f0d1481eeab4e83017c",
        "id": "CVE-2017-9761-5bd7cae0",
        "signature_version": "v1",
        "target": {
            "function": "r_core_cmd_subst_i",
            "file": "libr/core/cmd.c"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "201181973178317213004215790087884703768",
            "length": 15590.0
        }
    },
    {
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/00e8f205475332d7842d0f0d1481eeab4e83017c",
        "id": "CVE-2017-9761-9a97811a",
        "signature_version": "v1",
        "target": {
            "function": "cmd_info",
            "file": "libr/core/cmd_info.c"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "178358934561837619207006608860164979521",
            "length": 11053.0
        }
    }
]