CVE-2019-19590

In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input.
Configurations

Configuration 1

cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*

Information

Published : 2019-12-05 02:15

Updated : 2020-08-24 05:37


NVD link : CVE-2019-19590

Mitre link : CVE-2019-19590

Products Affected
No products.