{"id":"CVE-2017-16358","details":"In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.","modified":"2026-04-11T04:37:57.328090Z","published":"2017-11-01T17:29:00.430Z","references":[{"type":"FIX","url":"https://github.com/radare/radare2/commit/d31c4d3cbdbe01ea3ded16a584de94149ecd31d9"},{"type":"FIX","url":"https://github.com/radare/radare2/issues/8748"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/radare/radare2","events":[{"introduced":"0"},{"last_affected":"81aee52168e1b33fd35753bc696693d626b5456c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.1"}]}},{"type":"GIT","repo":"https://github.com/radareorg/radare2","events":[{"introduced":"0"},{"fixed":"d31c4d3cbdbe01ea3ded16a584de94149ecd31d9"}]}],"versions":["0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.4-termux4","0.10.5","0.10.6","0.8.6","0.8.8","0.9","0.9.2","0.9.4","0.9.6","0.9.7","0.9.8","0.9.8-rc1","0.9.8-rc2","0.9.8-rc3","0.9.8-rc4","0.9.9","1.0","1.0.0","1.0.1","1.0.2","1.1.0","1.2.0","1.2.0-git","1.3.0","1.3.0-git","1.4.0","1.5.0","1.6.0","2.0.0","2.0.1","radare2-windows-nightly","termux"],"database_specific":{"vanir_signatures":[{"target":{"file":"libr/bin/bin.c"},"source":"https://github.com/radareorg/radare2/commit/d31c4d3cbdbe01ea3ded16a584de94149ecd31d9","deprecated":false,"id":"CVE-2017-16358-6aaed27a","digest":{"threshold":0.9,"line_hashes":["226300123692389878708072809038383876128","192663042669872138206132487810001732809","323094720443130918405205879046071326102","120100809523800864891341131033169388190","241363127384712706210041893466377221585","182530849118491708037063695165835487159","164196666576526976756570463295443729943","133723766236519775928582904467866297444","165454809221906479215757330847061691495","185556006068249334778324797798655698931","136589352575399249727385850433943354976","232703428829618010722858712448320778067","14585748013220834343756543672312303398"]},"signature_type":"Line","signature_version":"v1"},{"target":{"function":"string_scan_range","file":"libr/bin/bin.c"},"source":"https://github.com/radareorg/radare2/commit/d31c4d3cbdbe01ea3ded16a584de94149ecd31d9","deprecated":false,"id":"CVE-2017-16358-f3d774c9","digest":{"length":2855,"function_hash":"61988472564367060628925422415457327633"},"signature_type":"Function","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T04:37:57Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16358.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}