Vulnerability Description
The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Radare | Radare2 | 1.5.0 |
Related Weaknesses (CWE)
References
- http://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/fs/ext2.c?id=ac8cac1dPatchThird Party Advisory
- http://www.securityfocus.com/bid/99141Third Party AdvisoryVDB Entry
- https://github.com/radare/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edPatchThird Party Advisory
- https://github.com/radare/radare2/issues/7723PatchThird Party Advisory
- http://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/fs/ext2.c?id=ac8cac1dPatchThird Party Advisory
- http://www.securityfocus.com/bid/99141Third Party AdvisoryVDB Entry
- https://github.com/radare/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edPatchThird Party Advisory
- https://github.com/radare/radare2/issues/7723PatchThird Party Advisory
FAQ
What is CVE-2017-9763?
CVE-2017-9763 is a vulnerability with a CVSS score of 7.5 (HIGH). The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use...
How severe is CVE-2017-9763?
CVE-2017-9763 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9763?
Check the references section above for vendor advisories and patch information. Affected products include: Radare Radare2.