[Git][security-tracker-team/security-tracker][master] Track some new radare2 issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 8 21:27:00 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7c642cbe by Salvatore Bonaccorso at 2022-04-08T22:26:07+02:00
Track some new radare2 issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -387,9 +387,13 @@ CVE-2022-26045
CVE-2022-25868
RESERVED
CVE-2022-1284 (heap-use-after-free in GitHub repository radareorg/radare2 prior to 5. ...)
- TODO: check
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/e98ad92c-3a64-48fb-84d4-d13afdbcbdd7
+ NOTE: https://github.com/radareorg/radare2/commit/64a82e284dddabaeb549228380103b57dead32a6
CVE-2022-1283 (NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHu ...)
- TODO: check
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013
+ NOTE: https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67
CVE-2022-1282
RESERVED
CVE-2022-1281
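Review bot: The new entries for CVE-2022-1284 and CVE-2022-1283 are marked "- radare2 <unfixed>" although both descriptions read "prior to 5. ...", which means an upstream release already carries the fix, and the added NOTE lines do not record which one. Suggest appending the first fixed upstream version to the commit NOTE, so the <unfixed> marker can be replaced with a package version once that release is uploaded, without going back to the huntr report.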
@@ -461,7 +465,9 @@ CVE-2022-1246
CVE-2022-1245
RESERVED
CVE-2022-1244 (heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5 ...)
- TODO: check
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/8ae2c61a-2220-47a5-bfe8-fe6d41ab1f82
+ NOTE: https://github.com/radareorg/radare2/commit/2b77b277d67ce061ee6ef839e7139ebc2103c1e3
CVE-2022-1243 (CRHTLF can lead to invalid protocol extraction potentially leading to ...)
TODO: check
CVE-2022-1242
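Review bot: The CVE-2022-1244 entry gives no indication of where the heap-buffer-overflow lives: the description names only the repository, and the two added NOTE lines are bare URLs. Suggest a short NOTE naming the affected source file or function from the linked commit, so that someone checking older suites can tell whether the vulnerable code is present without opening the links.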
@@ -504,13 +510,19 @@ CVE-2022-1249 [NULL pointer dereference in cms_set_pw_data()]
NOTE: Introduced by: https://github.com/rhboot/pesign/commit/12f16710ee44ef64ddb044a3523c3c4c4d90039a (114)
NOTE: Fixed by: https://github.com/rhboot/pesign/commit/b879dda52f8122de697d145977c285fb0a022d76 (115)
CVE-2022-1240 (Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub reposi ...)
- TODO: check
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/e589bd97-4c74-4e79-93b5-0951a281facc
+ NOTE: https://github.com/radareorg/radare2/commit/ca8d8b39f3e34a4fd943270330b80f1148129de4
CVE-2022-1239
RESERVED
CVE-2022-1238 (Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub reposi ...)
- TODO: check
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/47422cdf-aad2-4405-a6a1-6f63a3a93200
+ NOTE: https://github.com/radareorg/radare2/commit/c40a4f9862104ede15d0ba05ccbf805923070778
CVE-2022-1237 (Improper Validation of Array Index in GitHub repository radareorg/rada ...)
- TODO: check
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/ad3c9c4c-76e7-40c8-bd4a-c095acd8bb40
+ NOTE: https://github.com/radareorg/radare2/commit/2d782cdaa2112c10b8dd5e7a93c134b2ada9c1a6
CVE-2022-1236 (Weak Password Requirements in GitHub repository weseek/growi prior to ...)
NOT-FOR-US: GROWI
CVE-2022-28660
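Review bot: The commit URLs added for CVE-2022-1240, CVE-2022-1238 and CVE-2022-1237 are unlabelled, while the CVE-2022-1249 entry in the context lines directly above uses "NOTE: Introduced by: ..." and "NOTE: Fixed by: ... (115)". Suggest writing the radare2 commit lines in the same "NOTE: Fixed by: <commit URL> (<version>)" form if these commits are the fixes, so the role of each link is explicit and consistent within the file.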
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c642cbebfa2104640292e5b16c7bbae64374470