Description:
Summary: The remote host is missing an update for the 'radare2, radare2-cutter, rizin' package(s) announced via the MGASA-2022-0440 advisory.
Vulnerability Insight: In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. (CVE-2021-32613)
A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS. (CVE-2021-3673)
A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS. (CVE-2021-4021)
radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser. (CVE-2021-44974)
radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser. (CVE-2021-44975)
radare2 is vulnerable to Out-of-bounds Read. (CVE-2022-0173)
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0. (CVE-2022-0419)
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. (CVE-2022-0476)
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2. (CVE-2022-0518)
Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2. (CVE-2022-0519)
Use After Free in NPM radare2.js prior to 5.6.2. (CVE-2022-0520)
Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2. (CVE-2022-0521)
Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2. (CVE-2022-0522)
Expired Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.2. (CVE-2022-0523)
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. (CVE-2022-0559)
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. (CVE-2022-0676)
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. (CVE-2022-0695)
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4. (CVE-2022-0712)
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. (CVE-2022-0713)
Affected Software/OS: 'radare2, radare2-cutter, rizin' package(s) on Mageia 8.
Solution: Please install the updated package(s).
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P