In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg).
References
Configurations
History
18 Apr 2022, 17:16
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-416 | |
CPE | cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SX4TLTE75VYUGSPYEKMYFPUZMRDIR7O2/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IEXZWAMVKGZKHALV4IVWQS2ORJKRH57U/ - Mailing List, Third Party Advisory |
Information
Published : 2019-06-13 21:29
Updated : 2024-02-04 20:20
NVD link : CVE-2019-12802
Mitre link : CVE-2019-12802
CVE.ORG link : CVE-2019-12802
JSON object : View
Products Affected
radare
- radare2
fedoraproject
- fedora
CWE
CWE-416
Use After Free