Unrated severityNVD Advisory· Published Dec 5, 2019· Updated Aug 5, 2024
CVE-2019-19590
CVE-2019-19590
Description
In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- radare2/radare2description
Patches
Vulnerability mechanics
References
3- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRQXCOVFWZIIMAZIAAFAVQGZOS7LGHXP/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQTOWEDFXDTGTD6D4NHRB4FUURQSTTEN/mitrevendor-advisoryx_refsource_FEDORA
- github.com/radareorg/radare2/issues/15543mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.