{"id":"CVE-2018-20459","details":"In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial of service (application crash caused by an out-of-bounds read) by crafting ARM assembly input. The cause is twofold: a loop in armass.c uses an incorrect index, and certain length validation is missing in armass64.c. This issue is related to CVE-2018-20457.","modified":"2026-04-11T14:54:24.069645Z","published":"2018-12-25T19:29:00.477Z","references":[{"type":"FIX","url":"https://github.com/radare/radare2/issues/12418"},{"type":"FIX","url":"https://github.com/radareorg/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/radare/radare2","events":[{"introduced":"0"},{"last_affected":"57dd0b4e7ec70cc95f859651b1b63b076b8df7a7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.1.3"}]}},{"type":"GIT","repo":"https://github.com/radareorg/radare2","events":[{"introduced":"0"},{"fixed":"e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7"}]}],"versions":["0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.4-termux4","0.10.5","0.10.6","0.8.6","0.8.8","0.9","0.9.2","0.9.4","0.9.6","0.9.7","0.9.8","0.9.8-rc1","0.9.8-rc2","0.9.8-rc3","0.9.8-rc4","0.9.9","1.0","1.0.0","1.0.1","1.0.2","1.1.0","1.2.0","1.2.0-git","1.3.0","1.3.0-git","1.4.0","1.5.0","1.6.0","2.0.0","2.0.1","2.1.0","2.2.0","2.4.0","2.5.0","2.6.0","2.6.9","2.7.0","2.8.0","2.9.0","3.0.0","3.0.1","3.1.0","3.1.1","3.1.2","3.1.3","radare2-windows-nightly","termux"],"database_specific":{"vanir_signatures_modified":"2026-04-11T14:54:24Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20459.json","vanir_signatures":[{"id":"CVE-2018-20459-65313591","signature_version":"v1","source":"https://github.com/radareorg/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7","target":{"file":"libr/asm/arch/arm/armass64.c"},"deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_h
ashes":["234972124300723021303519189872586181159","64855739719150176419708370774937598661","126982576917966750042234182581912397903","2465101767988780529990207923766591025"]}},{"id":"CVE-2018-20459-81cc582b","signature_version":"v1","source":"https://github.com/radareorg/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7","target":{"file":"libr/asm/arch/arm/armass.c"},"deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["320504459856674577202378585621657567447","241052845637009396674950399335434319279","92424657880786021492995607119010819530","217390376035072865716445880018909325770"]}},{"id":"CVE-2018-20459-84106391","signature_version":"v1","source":"https://github.com/radareorg/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7","target":{"file":"libr/asm/arch/arm/armass64.c","function":"parseOperands"},"deprecated":false,"signature_type":"Function","digest":{"length":3280,"function_hash":"159900584179997407881165760870783466648"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}