CVE-2017-9949

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-9949
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9949.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-9949
Downstream
Published
2017-06-26T20:29:00Z
Modified
2025-11-06T15:52:32.143120Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02.

References

Affected packages

Git / github.com/radare/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radare/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Git / github.com/radareorg/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radareorg/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9

1.*

1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git
1.4.0
1.5.0

Other

radare2-windows-nightly
termux

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "10219633047334996259024676977016395922",
            "length": 2183.0
        },
        "target": {
            "file": "shlr/grub/fs/ext2.c",
            "function": "grub_ext2_read_block"
        },
        "signature_version": "v1",
        "id": "CVE-2017-9949-064eccba",
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/796dd28aaa6b9fa76d99c42c4d5ff8b257cc2191"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "target": {
            "file": "shlr/grub/fs/ext2.c"
        },
        "signature_version": "v1",
        "id": "CVE-2017-9949-1fb65177",
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/796dd28aaa6b9fa76d99c42c4d5ff8b257cc2191"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "289628747790886221850749500794822172876",
            "length": 1196.0
        },
        "target": {
            "file": "shlr/grub/fs/fshelp.c",
            "function": "grub_fshelp_read_file"
        },
        "signature_version": "v1",
        "id": "CVE-2017-9949-300705d8",
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/796dd28aaa6b9fa76d99c42c4d5ff8b257cc2191"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "198524374601668366202199731955015010268",
            "length": 1887.0
        },
        "target": {
            "file": "shlr/grub/fs/ext2.c",
            "function": "grub_ext2_iterate_dir"
        },
        "signature_version": "v1",
        "id": "CVE-2017-9949-5ab85f4d",
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/796dd28aaa6b9fa76d99c42c4d5ff8b257cc2191"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "18886692905919231487753554970096862525",
            "length": 844.0
        },
        "target": {
            "file": "shlr/gdb/src/gdbserver/core.c",
            "function": "_server_handle_vCont"
        },
        "signature_version": "v1",
        "id": "CVE-2017-9949-7da2b227",
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/796dd28aaa6b9fa76d99c42c4d5ff8b257cc2191"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "133321490154060896432866898411258951293",
                "254549566699443919453493314689502951595",
                "180115208073583990018881961477903224056"
            ]
        },
        "target": {
            "file": "shlr/grub/fs/fshelp.c"
        },
        "signature_version": "v1",
        "id": "CVE-2017-9949-7df0d418",
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/796dd28aaa6b9fa76d99c42c4d5ff8b257cc2191"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "151012459813999032616581403224278486603",
                "165837163628347865815373264757882501491",
                "123579767243525392149865946846835224222",
                "65453084007405746389875944500065104129"
            ]
        },
        "target": {
            "file": "shlr/gdb/src/gdbserver/core.c"
        },
        "signature_version": "v1",
        "id": "CVE-2017-9949-d64de315",
        "deprecated": false,
        "source": "https://github.com/radareorg/radare2/commit/796dd28aaa6b9fa76d99c42c4d5ff8b257cc2191"
    }
]