Bug 34122 - radare2 new security issues CVE-2024-56737, CVE-2025-1744 and CVE-2025-1864
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Reported: 2025-03-20 16:00 CET by Nicolas Salguero
Modified: 2025-03-26 04:44 CET
Source RPM: radare2-5.8.8-1.5.mga9.src.rpm
CVE: CVE-2024-56737, CVE-2025-1744, CVE-2025-1864

Attachments
zlib-cve patch (1.47 KB, patch)
2025-03-21 12:25 CET, Kristoffer Grundström
magic cve patch (1.64 KB, patch)
2025-03-21 12:26 CET, Kristoffer Grundström
hfs-cve patch (1.43 KB, patch)
2025-03-21 12:27 CET, Kristoffer Grundström

Nicolas Salguero 2025-03-20 16:00:48 CET

Status comment: (none) => Patch available from Fedora
CVE: (none) => CVE-2024-56737, CVE-2025-1744, CVE-2025-1864
Source RPM: (none) => radare2-5.9.8-2.mga10.src.rpm, radare2-5.8.8-1.5.mga9.src.rpm
Whiteboard: (none) => MGA9TOO

Comment 1 Lewis Smith 2025-03-20 21:26:30 CET
Sorry, cannot find the patch.
Assigning directly to you, David, as you look to be chief maintainer of radare2.

Assignee: bugsquad => geiger.david68210

Comment 2 Kristoffer Grundström 2025-03-21 12:25:44 CET
Created attachment 14907
zlib-cve patch

CC: (none) => lovaren

Comment 3 Kristoffer Grundström 2025-03-21 12:26:44 CET
Created attachment 14908
magic cve patch

Comment 4 Kristoffer Grundström 2025-03-21 12:27:16 CET
Created attachment 14909
hfs-cve patch

Comment 5 Nicolas Salguero 2025-03-24 15:21:17 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Buffer overflow in the HFS parser from grub2. (CVE-2024-56737)

Out-of-bounds Write in radare2. (CVE-2025-1744)

Buffer Overflow and Potential Code Execution in Radare2. (CVE-2025-1864)

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JESFQCNT2ONAGTVQXEDREBQFC7NUDPEC/
========================

Updated packages in core/updates_testing:
========================
lib(64)radare2_5.8.8-5.8.8-1.6.mga9
lib(64)radare2-devel-5.8.8-1.6.mga9
radare2-5.8.8-1.6.mga9

from SRPM:
radare2-5.8.8-1.6.mga9.src.rpm

Version: Cauldron => 9
Source RPM: radare2-5.9.8-2.mga10.src.rpm, radare2-5.8.8-1.5.mga9.src.rpm => radare2-5.8.8-1.5.mga9.src.rpm
Status: NEW => ASSIGNED
Assignee: geiger.david68210 => qa-bugs
Status comment: Patch available from Fedora => (none)
Whiteboard: MGA9TOO => (none)

PC LX 2025-03-24 18:00:29 CET

CC: (none) => mageia

katnatek 2025-03-24 18:56:43 CET

Keywords: (none) => advisory

Comment 6 katnatek 2025-03-24 19:57:35 CET
RH x86_64

installing radare2-5.8.8-1.6.mga9.x86_64.rpm lib64radare2_5.8.8-5.8.8-1.6.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/2: lib64radare2_5.8.8    ##################################################################################################
      2/2: radare2               ##################################################################################################
      1/2: removing radare2-5.8.8-1.5.mga9.x86_64
                                 ##################################################################################################
      2/2: removing lib64radare2_5.8.8-5.8.8-1.5.mga9.x86_64
                                 ##################################################################################################

rabin2 -I firefox.exe 
arch     x86
baddr    0x140000000
binsz    682560
bintype  pe
bits     64
canary   true
retguard false
class    PE32+
cmp.csum 0x000a77b9
compiled Mon Mar 17 13:21:16 2025
crypto   false
dbg_file firefox.pdb
endian   little
havecode true
hdr.csum 0x000a77b9
guid     76DB8B0DB20DA9994C4C44205044422E1
laddr    0x0
lang     msvc
linenum  false
lsyms    false
machine  AMD 64
nx       true
os       windows
overlay  true
cc       ms
pic      true
relocs   false
signed   true
sanitize false
static   false
stripped false
subsys   Windows GUI
va       true


radare2 firefox.exe 
[0x14001fce0]> aa
INFO: Analyze all flags starting with sym. and entry0 (aa)
INFO: Analyze all functions arguments/locals (afva@@@F)
[0x14001fce0]> s/ fire
Searching 4 bytes in [0x1400ab600-0x1400ac000]
hits: 0
..etc...
Searching 4 bytes in [0x140054000-0x140062800]
[# ]0x14005715d hit0_0 .itigationPolicyfirefoxFirefoxNtOp.

V command is as described in bug#32521 comment#8

OK to me

Comment 7 Herman Viaene 2025-03-25 09:55:34 CET
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues.
Ref bug 33853 for testing:
$ rabin2 -I  firefox.exe
arch     x86
baddr    0x400000
binsz    517072
bintype  pe
bits     32
canary   true
retguard false
class    PE32
cmp.csum 0x0008c46c
compiled Thu Jun 21 16:53:30 2018
crypto   false
dbg_file c:\builds\moz2_slave\m-esr52-w32-000000000000000000\build\src\obj-firefox\browser\app\firefox.pdb
endian   little
havecode true
hdr.csum 0x0008c46c
guid     CA62060F00F14226994F5C4935BE72192
laddr    0x0
lang     msvc
linenum  false
lsyms    false
machine  i386
nx       true
os       windows
overlay  true
cc       cdecl
pic      true
relocs   false
signed   true
sanitize false
static   false
stripped false
subsys   Windows GUI
va       true

$ rax2 0011000011111111d
12543

$ rasm2 ret
c3

$ radare2 firefox.exe
[0x00405eed]> aa
INFO: Analyze all flags starting with sym. and entry0 (aa)
INFO: Analyze all functions arguments/locals (afva@@@F)
[0x00405eed]> s/ fire
Searching 4 bytes in [0x480e00-0x481000]
hits: 0
Searching 4 bytes in [0x47f000-0x480e00]
hits: 0
Searching 4 bytes in [0x47ea00-0x47f000]
hits: 0
Searching 4 bytes in [0x43d000-0x47ea00]
hits: 0
Searching 4 bytes in [0x43c200-0x43d000]
hits: 0
Searching 4 bytes in [0x43c000-0x43c200]
hits: 0
Searching 4 bytes in [0x43a200-0x43c000]
hits: 0
Searching 4 bytes in [0x43a000-0x43a200]
hits: 0
Searching 4 bytes in [0x439c00-0x43a000]
hits: 0
Searching 4 bytes in [0x422000-0x439c00]
[# ]0x00423028 hit0_0 .MozillaFirefoxfirefox52.9.02018.
[0x00423028]> quit
Together with katnatek's testing, this should be OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK

Comment 8 Thomas Andrews 2025-03-25 16:24:33 CET
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 9 Mageia Robot 2025-03-26 04:44:19 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0116.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
