The sdbsetinternal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in rbindwarfparsecomp_unit in libr/bin/dwarf.c.
{
"versions": [
{
"introduced": "2.0.0"
},
{
"last_affected": "2.7.0"
}
]
}[
{
"id": "CVE-2018-14015-05052138",
"target": {
"function": "r_bin_dwarf_parse_comp_unit",
"file": "libr/bin/dwarf.c"
},
"signature_version": "v1",
"source": "https://github.com/radareorg/radare2/commit/d37d2b858ac47f2f108034be0bcecadaddfbc8b3",
"signature_type": "Function",
"digest": {
"function_hash": "14798236559159636232016039672416504645",
"length": 1998.0
},
"deprecated": false
},
{
"id": "CVE-2018-14015-5e460cf2",
"target": {
"file": "libr/bin/dwarf.c"
},
"signature_version": "v1",
"source": "https://github.com/radareorg/radare2/commit/d37d2b858ac47f2f108034be0bcecadaddfbc8b3",
"signature_type": "Line",
"digest": {
"line_hashes": [
"38837014092717001301140362079195693660",
"311442303638115001835224331871286714378",
"148051777228907455241579188971409856646",
"144840294018848705629789983154616113291"
],
"threshold": 0.9
},
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14015.json"
"2026-04-11T12:27:23Z"