CVE-2017-16357

Publication date

2017-11-01 17:00:00

Family

mitre

State

PUBLISHED

Description

In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.