The rstrbuffini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c.
{ "cpe": "cpe:2.3:a:radare:radare2:2.5.0:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "2.5.0" }, { "last_affected": "2.5.0" } ], "source": [ "CPE_STRING", "REFERENCES" ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11383.json"