Bug 33755 - radare2 new security issue CVE-2024-48241
Summary: radare2 new security issue CVE-2024-48241
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Reported: 2024-11-12 09:48 CET by Nicolas Salguero
Modified: 2024-11-22 08:26 CET
Source RPM: radare2-5.8.8-1.2.mga9.src.rpm
CVE: CVE-2024-48241

Nicolas Salguero 2024-11-12 09:49:44 CET

Status comment: (none) => Patch available from upstream
Version: Cauldron => 9
Source RPM: (none) => radare2-5.8.8-1.2.mga9.src.rpm
CVE: (none) => CVE-2024-48241

Comment 1 Lewis Smith 2024-11-12 20:54:14 CET
Cauldron is well in advance of M9, for which the given patch (thanks Nicolas for same).
Assigning directly to DavidG who did almost all recent updates.

Assignee: bugsquad => geiger.david68210

Comment 2 Nicolas Salguero 2024-11-20 15:17:29 CET
Suggested advisory:
========================

The updated packages fix a security vulnerability:

An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function. (CVE-2024-48241)

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFYOSKZAUGT7XKZWLV56ZMYJVZ6EHY42/
========================

Updated packages in core/updates_testing:
========================
lib(64)radare2_5.8.8-5.8.8-1.3.mga9
lib(64)radare2-devel-5.8.8-1.3.mga9
radare2-5.8.8-1.3.mga9

from SRPM:
radare2-5.8.8-1.3.mga9.src.rpm

Assignee: geiger.david68210 => qa-bugs
Status: NEW => ASSIGNED
Status comment: Patch available from upstream => (none)

katnatek 2024-11-20 19:11:07 CET

Keywords: (none) => advisory

Comment 3 katnatek 2024-11-21 19:18:37 CET
RH x86_64

LC_ALL=C urpmi --auto --auto-update
adding 3 new rpms not available in existing hdlist
replacing /var/cache/urpmi/partial/synthesis.hdlist.cz with synthesis.hdlist.cz.tmp
updating /var/cache/urpmi/partial/MD5SUM
updated medium "QA Testing (64-bit)"
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Nonfree 32bit Updates (distrib37)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date

installing radare2-5.8.8-1.3.mga9.x86_64.rpm lib64radare2_5.8.8-5.8.8-1.3.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/2: lib64radare2_5.8.8    ##################################################################################################
      2/2: radare2               ##################################################################################################
      1/2: removing radare2-5.8.8-1.2.mga9.x86_64
                                 ##################################################################################################
      2/2: removing lib64radare2_5.8.8-5.8.8-1.2.mga9.x86_64
                                 ##################################################################################################

Reference bug#32521 comment#7 / Bug#33534 comment#3

rabin2 -I "/home/katnatek/windows/Program Files (x86)/K-Lite Codec Pack/MPC-HC64/mpc-hc64.exe"
arch     x86
baddr    0x140000000
binsz    9022976
bintype  pe
bits     64
canary   true
retguard false
class    PE32+
cmp.csum 0x008a22c3
compiled Thu Nov 29 16:00:08 2018
crypto   false
endian   little
havecode true
hdr.csum 0x008a22c3
laddr    0x0
lang     c
linenum  false
lsyms    false
machine  AMD 64
nx       true
os       windows
overlay  false
cc       ms
pic      true
relocs   false
signed   false
sanitize false
static   false
stripped false
subsys   Windows GUI
va       true

radare2 "/home/katnatek/windows/Program Files (x86)/K-Lite Codec Pack/MPC-HC64/mpc-hc64.exe"
[0x14050380c]> aa
INFO: Analyze all flags starting with sym. and entry0 (aa)
INFO: Analyze all functions arguments/locals (afva@@@F)
[0x14050380c]> s/ mpc
Searching 3 bytes in [0x1408ef400-0x1408f0000]
hits: 0
Searching 3 bytes in [0x1408d2000-0x1408ef400]
hits: 0
Searching 3 bytes in [0x1408d1c00-0x1408d2000]
hits: 0
Searching 3 bytes in [0x14084c000-0x1408d1c00]
[# ]0x140882d8f hit0_0 .       <!-- The mpchc_np id is used.

Reference bug#29163 comment#18 / bug#32521 comment#8

rafind2 -s "text" /bin/kwrite | wc -l
1
r2 -a x86 /bin/oowriter
[0x00000000]>

V command output is as described

cutter not installed this time

CC: (none) => andrewsfarm
Whiteboard: (none) => MGA9-64-OK

Comment 4 Thomas Andrews 2024-11-21 23:03:51 CET
Validating.

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

Comment 5 Mageia Robot 2024-11-22 08:26:08 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0367.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

