PatchSiren cyber security CVE debrief

CVE-2017-6197 Radare CVE debrief

CVE-2017-6197 is a denial-of-service issue in radare2 1.2.1. When r_read_* helpers in libr/include/r_endian.h process a crafted binary file, they can dereference a NULL pointer and crash the application. NVD classifies the weakness as CWE-476 and rates the issue as medium severity.

Vendor: Radare
Product: CVE-2017-6197
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-24
Original CVE updated: 2026-05-13
Advisory published: 2017-02-24
Advisory updated: 2026-05-13

Who should care

Teams running radare2 1.2.1 in tooling, automation, or file-analysis workflows should care most, especially where attacker-controlled or untrusted binaries are parsed.

Technical summary

The vulnerable code path is in the r_read_* routines, including r_read_le32, inside r_endian.h. According to the NVD record, the flaw is a NULL pointer dereference that results in an application crash when parsing a crafted binary file. The NVD entry assigns CVSS 3.0 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H and CWE-476.
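The contrast below is an added illustration, not radare2's code or its actual fix: an endian-read helper that trusts its pointer next to a bounds-aware form that fails cleanly on a NULL or truncated buffer, driven by a small constructed header parser. The header layout, magic value and function names are assumptions for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The pattern the advisory describes: a little-endian reader that trusts
 * its pointer. A NULL or too-short buffer coming from a crafted file
 * reaches the dereference and crashes the parser (CWE-476). */
uint32_t read_le32_unchecked(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hardened form (illustrative, not radare2's own code): the caller passes
 * the buffer, its length and an offset; the helper refuses NULL pointers
 * and reads past the end, and reports success separately from the value
 * so a legitimate zero field cannot be mistaken for a failure. */
bool read_le32_checked(const uint8_t *buf, size_t len, size_t off,
                       uint32_t *out) {
    if (buf == NULL || out == NULL) return false;
    if (off > len || len - off < 4) return false; /* overflow-safe bound */
    const uint8_t *p = buf + off;
    *out = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return true;
}

/* Parser for a constructed 8-byte header: a magic value followed by a
 * section count. Returns the count, or -1 when the header is unusable. */
long parse_header(const uint8_t *buf, size_t len) {
    uint32_t magic, count;
    if (!read_le32_checked(buf, len, 0, &magic)) return -1;
    if (magic != 0x46454443u) return -1; /* constructed magic "CDEF" */
    if (!read_le32_checked(buf, len, 4, &count)) return -1;
    return (long)count;
}

int main(void) {
    /* Constructed inputs: a complete header and a truncated one. */
    const uint8_t good[8] = {0x43, 0x44, 0x45, 0x46, 0x03, 0, 0, 0};
    const uint8_t truncated[5] = {0x43, 0x44, 0x45, 0x46, 0x03};
    printf("good: %ld\n", parse_header(good, sizeof good));
    printf("truncated: %ld\n", parse_header(truncated, sizeof truncated));
    printf("null: %ld\n", parse_header(NULL, 0));
    return 0;
}
```

The unchecked reader is only safe because the caller guarantees four readable bytes; once the buffer length travels with the pointer, the checked form turns a crash into an ordinary parse error.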

Defensive priority

Medium priority. Upgrade or patch radare2 if version 1.2.1 is deployed in any workflow that handles untrusted files, because a malformed input can trigger a crash and interrupt analysis or service availability.

Recommended defensive actions

  • Upgrade radare2 to a fixed version that includes the referenced patch.
  • If immediate upgrading is not possible, restrict which binaries are parsed and avoid feeding untrusted files into radare2 1.2.1.
  • Apply the upstream fix referenced in the linked radare2 commit if you maintain a downstream build.
  • Monitor file-processing jobs and services for crashes related to malformed inputs.
  • Validate any automation that invokes radare2 on user-supplied content and add input handling controls where possible.

Evidence notes

The CVE record and NVD entry both describe a crash caused by a NULL pointer dereference in radare2 1.2.1 when parsing crafted binaries. NVD lists CWE-476 and the CVSS 3.0 vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The linked radare2 commit and issue provide patch/advisory context.

Official resources

CVE published on 2017-02-24. The NVD record was last modified on 2026-05-13; that date reflects record maintenance, not the original vulnerability date.