{"id":"CVE-2017-16805","details":"In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.","modified":"2026-04-11T04:38:14.837120Z","published":"2017-11-13T21:29:00.237Z","references":[{"type":"REPORT","url":"https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d"},{"type":"REPORT","url":"https://github.com/radare/radare2/issues/8813"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/radare/radare2","events":[{"introduced":"0"},{"last_affected":"81aee52168e1b33fd35753bc696693d626b5456c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.1"}]}},{"type":"GIT","repo":"https://github.com/radareorg/radare2","events":[{"introduced":"0"},{"fixed":"2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d"}]}],"versions":["0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.4-termux4","0.10.5","0.10.6","0.8.6","0.8.8","0.9","0.9.2","0.9.4","0.9.6","0.9.7","0.9.8","0.9.8-rc1","0.9.8-rc2","0.9.8-rc3","0.9.8-rc4","0.9.9","1.0","1.0.0","1.0.1","1.0.2","1.1.0","1.2.0","1.2.0-git","1.3.0","1.3.0-git","1.4.0","1.5.0","1.6.0","2.0.0","2.0.1","radare2-windows-nightly","termux"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:38:14Z","vanir_signatures":[{"signature_type":"Function","deprecated":false,"digest":{"length":4452,"function_hash":"309905875404444310278761324738514951938"},"source":"https://github.com/radareorg/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d","id":"CVE-2017-16805-833d5570","target":{"function":"r_bin_dwarf_parse_attr_value","file":"libr/bin/dwarf.c"},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"digest":{"length":1652,"function_hash":"307873831487524630253809792820560621146"},"source":"https://github.com/radareorg/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d","id":"CVE-2017-16805-b54fa1c9","target":{"function":"r_bin_dwarf_dump_debug_info","file":"libr/bin/dwarf.c"},"signature_version":"v1"},{"signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["326401415171005190553074048362084762411","47169782882299309590186777992035464869","39741267706218039551179781983158164351","266577309111734529230060639545328303935","1129155443984092837339000484011434559","262714491272500468688876551498019052316","255217210449050203630628353614115764453","58253210461836338313170203403653597885","111641101179059694555197790533704202801","259574082581576518198229350703239390597","50291575660520975310308576268580694662","199826678063163164017514385797775727563","272001956579560092219529189568782034889","215014816513444055163277410209333914490","315566680451802448493463948539057616418","81923441713708386635598935978872592174","206203147040860471315171461531335737283","267558789793490116676678460015603040112","227229558748991830648345966388377207048","235161698239726795274483436500456079297","215080781156839936172080281740189180705","212162115889976409291341520950507172197","311424095035754608203512898389639496415","75077439232754734706754508572575378520","261476703194467188645961018873367329061","119165045722379264054337806060202178612","18012366597765520397190120548395720171","176736972593425314413586945383055295957","321286178592047978789409885462163718519","31239719833637811804475394973857148669","313973956717903047565764800881173274580","181815125225250262290490440602671159013","213357212232432197918515534138918386097","18012366597765520397190120548395720171","201822177383786033013598662243705347637","105154049718442711214192457073834079911","86636048803693507985248759915100405671","199295761972394292655311248441392010074","109845484253265779867205355365779800572","338998987908759764457348990848046655468"]},"source":"https://github.com/radareorg/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d","id":"CVE-2017-16805-c73c7d5e","target":{"file":"libr/bin/dwarf.c"},"signature_version":"v1"},{"signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["337993711084511490199249331436501381109","90966592350706017073997720339166818668","185319938568685557368582455554332867889","247224920984977744414829133143377332673"]},"source":"https://github.com/radareorg/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d","id":"CVE-2017-16805-ced1af9e","target":{"file":"libr/include/r_bin_dwarf.h"},"signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16805.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}