These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2017-6415 is a denial-of-service issue in radare2 1.2.1 affecting the DEX parser. A crafted DEX file can trigger a NULL pointer dereference in dex_parse_debug_item, leading to an application crash. The NVD record classifies the issue as CWE-476 and assigns CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating availability impact without confidentiality or integrity impact. The advisory refer [truncated]
CVE-2017-6387 is a denial-of-service vulnerability in radare2’s DEX parser. When dex_loadcode in libr/bin/p/bin_dex.c processes a crafted DEX file, it can perform an out-of-bounds read and crash the application. The NVD record maps the issue to radare2 1.2.1 and CWE-125. The official CVE/NVD record was published on 2017-03-02.
CVE-2017-6319 affects radare2 1.2.1. The issue is in dex_parse_debug_item in libr/bin/p/bin_dex.c, where a crafted DEX file can trigger a buffer overflow, crash the application, and potentially have other impact. The NVD record classifies the weakness as CWE-119 and rates it 7.8 HIGH. For defenders, the main concern is any workflow that opens or analyzes untrusted DEX content with vulnerable radare2 build [truncated]
CVE-2017-6197 is a denial-of-service issue in radare2 1.2.1. When r_read_* helpers in libr/include/r_endian.h process a crafted binary file, they can dereference a NULL pointer and crash the application. NVD classifies the weakness as CWE-476 and rates the issue as medium severity.