{"id":"MGASA-2021-0160","summary":"Updated radare2 packages fix security vulnerabilities","details":"radare2 4.5.0 misparses DWARF information in executable files, causing a\nsegmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name\nin the .debug_info section (CVE-2020-16269).\n\nradare2 4.5.0 misparses signature information in PE files, causing a\nsegmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c.\nThis is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY\n(CVE-2020-17487).\n\nAlso, the radare2-cutter package has been switched to a new upstream that uses\na different versioning scheme.\n","modified":"2026-04-16T00:09:10.655906332Z","published":"2021-03-30T20:08:49Z","upstream":["CVE-2020-16269","CVE-2020-17487"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0160.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28476"},{"type":"WEB","url":"https://github.com/rizinorg/cutter/releases/tag/v1.12.0"},{"type":"WEB","url":"https://github.com/radareorg/r2cutter/releases/tag/0.1.0"},{"type":"WEB","url":"https://github.com/radareorg/r2cutter/releases/tag/0.1.1"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/45SGGCWFIIV7N2X2QZRREHOW7ODT3IH7/"}],"affected":[{"package":{"name":"radare2","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/radare2?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.1-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0160.json"}},{"package":{"name":"radare2-cutter","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/radare2-cutter?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.1.1-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0160.json"}},{"package":{"name":"radare2","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/radare2?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.1-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0160.json"}},{"package":{"name":"radare2-cutter","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/radare2-cutter?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.1.1-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0160.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}