CVE-2017-7274 - The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to ca

CVE-2017-7274

Summary

The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.

References

http://www.securityfocus.com/bid/97181
https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf
https://github.com/radare/radare2/issues/7152

Vulnerable Configurations

cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:radare:radare2:1.3.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 31-03-2017 - 12:31)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

bid	97181
confirm	https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf https://github.com/radare/radare2/issues/7152

Last major update

31-03-2017 - 12:31

Published

27-03-2017 - 17:59

Last modified

31-03-2017 - 12:31