CVE-2018-14017

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-14017
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14017.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-14017
Downstream
Published
2018-07-12T20:29:00Z
Modified
2025-10-29T13:55:57.519340Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new.

References

Affected packages

Git / github.com/radare/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radare/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Git / github.com/radareorg/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radareorg/radare2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.4-termux4
0.10.5
0.10.6
0.8.6
0.8.8
0.9
0.9.2
0.9.4
0.9.6
0.9.7
0.9.8
0.9.8-rc1
0.9.8-rc2
0.9.8-rc3
0.9.8-rc4
0.9.9

1.*

1.0
1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.2.0-git
1.3.0
1.3.0-git
1.4.0
1.5.0
1.6.0

2.*

2.0.0
2.0.1
2.1.0
2.2.0
2.4.0
2.5.0
2.6.0

Other

radare2-windows-nightly
termux

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/radareorg/radare2/commit/e9ce0d64faf19fa4e9c260250fbdf25e3c11e152",
        "target": {
            "function": "r_bin_java_line_number_table_attr_new",
            "file": "shlr/java/class.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2018-14017-23f715d6",
        "digest": {
            "length": 996.0,
            "function_hash": "85529585468527977068094537150891062526"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/radareorg/radare2/commit/e9ce0d64faf19fa4e9c260250fbdf25e3c11e152",
        "target": {
            "function": "r_bin_java_code_attr_new",
            "file": "shlr/java/class.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2018-14017-4fdbebb1",
        "digest": {
            "length": 3291.0,
            "function_hash": "214173850067736259402998436879612460750"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/radareorg/radare2/commit/e9ce0d64faf19fa4e9c260250fbdf25e3c11e152",
        "target": {
            "function": "r_bin_java_read_next_attr_from_buffer",
            "file": "shlr/java/class.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2018-14017-68a22a4f",
        "digest": {
            "length": 1040.0,
            "function_hash": "124648969860573368791385072597958563523"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/radareorg/radare2/commit/e9ce0d64faf19fa4e9c260250fbdf25e3c11e152",
        "target": {
            "file": "shlr/java/class.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2018-14017-b317af32",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/radareorg/radare2/commit/e9ce0d64faf19fa4e9c260250fbdf25e3c11e152",
        "target": {
            "function": "r_bin_java_local_variable_type_table_attr_new",
            "file": "shlr/java/class.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2018-14017-dcff553e",
        "digest": {
            "length": 1678.0,
            "function_hash": "264352236847510053795260178671831020487"
        },
        "signature_type": "Function"
    }
]