{"id":"CVE-2017-6197","details":"The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.","modified":"2026-03-14T09:23:33.192373Z","published":"2017-02-24T04:59:00.217Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/96433"},{"type":"FIX","url":"https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989"},{"type":"FIX","url":"https://github.com/radare/radare2/issues/6816"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/radare/radare2","events":[{"introduced":"0"},{"last_affected":"7482dee932d3e280c8adb66b1d8f08ca36148ed5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.2.1"}]}},{"type":"GIT","repo":"https://github.com/radareorg/radare2","events":[{"introduced":"0"},{"fixed":"1ea23bd6040441a21fbcfba69dce9a01af03f989"}]}],"versions":["0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.4-termux4","0.10.5","0.10.6","0.8.6","0.8.8","0.9","0.9.2","0.9.4","0.9.6","0.9.7","0.9.8","0.9.8-rc1","0.9.8-rc2","0.9.8-rc3","0.9.8-rc4","0.9.9","1.0","1.0.0","1.0.1","1.0.2","1.1.0","1.2.0","1.2.0-git","radare2-windows-nightly","termux"],"database_specific":{"vanir_signatures":[{"digest":{"length":179,"function_hash":"17106255373911494429570082188668147584"},"target":{"function":"r_read_le16","file":"libr/include/r_endian.h"},"id":"CVE-2017-6197-3fa57bdd","source":"https://github.com/radareorg/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"length":251,"function_hash":"56521480330843665188637392779150303898"},"target":{"function":"r_read_le32","file":"libr/include/r_endian.h"},"id":"CVE-2017-6197-4e5a4146","source":"https://github.com/radareorg/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"length":85,"function_hash":"240859338887134180524976400952593795423"},"target":{"function":"r_read_ble8","file":"libr/include/r_endian.h"},"id":"CVE-2017-6197-6f574cc5","source":"https://github.com/radareorg/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["313675673046327587523446990894208781423","8331692281878784840840482341804180344","263550601277246970047494355983089374963","146563756917847262091650658945073759051","217108623745867226661246506362684292258","18509223722142561500624334448306012781","336038525693228917368063900097547061425","54284130475655386776894164122594373917","190852964013000928273541079107323887874","24541954589894186430689832511453273217","148124193760391448229734527852966329038","194942235687200741655068901152325387373","95291075085676708642323982430594718382","224066455727768564342716200064785388776","62692987984976974338590345141643360883","239662349361128358569316574690016566094","111458007510495800067370542414550465401","186393958106107312006630519142107882324","319996038801019187219635148015513028756","273162599114490560049332587369389200769","246897847062524815905566250040037422727","201762942505926023744383063878607172606","225060801306655685653232291442537413964","231098502893645925507813308872554597736","152509567359936682500041897132614881660","233558752094369697095014079520420126120","105627439455481981238877374350799895690","231371992082950537568399047232380630536","19062842662198554069237968113056886822"]},"target":{"file":"libr/include/r_endian.h"},"id":"CVE-2017-6197-a12de820","source":"https://github.com/radareorg/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989","signature_version":"v1","deprecated":false,"signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6197.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}