What is CVE-2020-17487?

CVE-2020-17487 is a vulnerability in radare2 4.5.0 that misparses signature information in PE files causing a segmentation fault.

How severe is CVE-2020-17487?

CVE-2020-17487 has a severity value of 7.5, classified as high.

What causes CVE-2020-17487 in radare2 4.5.0?

CVE-2020-17487 in radare2 4.5.0 is caused by a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY.

How can CVE-2020-17487 be exploited?

CVE-2020-17487 can be exploited by misparsing signature information in PE files, leading to a segmentation fault.

Is there a fix available for CVE-2020-17487?

At the moment, there are patches and updates available to address CVE-2020-17487 in radare2 4.5.0.

Vulnerability/
CVE-2020-17487

high

7.5

11/8/2020

4/8/2024

CVE-2020-17487

First published: Tue Aug 11 2020(Updated: )

radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Radare Radare2	=4.5.0
Fedoraproject Fedora	=32
Fedoraproject Fedora	=33

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-17487?
CVE-2020-17487 is a vulnerability in radare2 4.5.0 that misparses signature information in PE files causing a segmentation fault.
How severe is CVE-2020-17487?
CVE-2020-17487 has a severity value of 7.5, classified as high.
What causes CVE-2020-17487 in radare2 4.5.0?
CVE-2020-17487 in radare2 4.5.0 is caused by a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY.
How can CVE-2020-17487 be exploited?
CVE-2020-17487 can be exploited by misparsing signature information in PE files, leading to a segmentation fault.
Is there a fix available for CVE-2020-17487?
At the moment, there are patches and updates available to address CVE-2020-17487 in radare2 4.5.0.

collector/nvd-index
agent/references
agent/author
agent/severity
agent/type
agent/description
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/radare
canonical/radare radare2
version/radare radare2/4.5.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/32
version/fedoraproject fedora/33

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.