Radare2
cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*
- 5.9.9
A memory corruption vulnerability has been identified in Radare2 version 5.9.9, specifically within the radiff2 component. The issue arises in the function r_cons_is_breaked, located in the file /libr/cons/cons.c. The vulnerability is triggered by manipulating the experimental -T argument, leading to invalid memory access and a segmentation fault. This vulnerability can be exploited locally, but the exploitation process is complex and challenging.
Exploitation of this vulnerability causes a segmentation fault due to invalid memory access, specifically a read operation on a null pointer, which is a common indicator of memory corruption issues.
The vulnerability can be reproduced by compiling Radare2 with AddressSanitizer enabled, which helps detect memory corruption errors. After compiling and installing Radare2, the radiff2 tool can be run with the -T option, which is experimental and known to cause crashes. This triggers the vulnerability by creating a race condition that leads to memory corruption.
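An added triage example, not code from the Radare2 project or from this advisory: it parses an AddressSanitizer crash report from the reproduction described above and checks whether the crash has the shape the advisory describes (SEGV, READ access, near-NULL address, top frame in r_cons_is_breaked). The sample report is constructed; its PID, addresses, line numbers, thread id and second frame are placeholders.

```python
import re

# Constructed sample in the standard AddressSanitizer report layout.
# PID, addresses, thread id and source line numbers are placeholders,
# not values from a real radiff2 run.
SAMPLE_REPORT = """\
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1000==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000000001 bp 0x000000000002 sp 0x000000000003 T1)
==1000==The signal is caused by a READ memory access.
==1000==Hint: address points to the zero page.
    #0 0x000000000001 in r_cons_is_breaked /build/radare2/libr/cons/cons.c:1
    #1 0x000000000004 in worker_frame_placeholder /build/radare2/placeholder.c:1
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-fA-F]+) .*\bT(\d+)\)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-fA-F]+ in (\S+) (\S+)", re.M)

def triage(report):
    """Summarise an ASan DEADLYSIGNAL report, or return None if it is not one."""
    head = HEADER.search(report)
    if head is None:
        return None
    signal, addr, thread = head.group(1), int(head.group(2), 16), int(head.group(3))
    access = ACCESS.search(report)
    frames = [(m.group(2), m.group(3)) for m in FRAME.finditer(report)]
    top_func, top_loc = frames[0] if frames else (None, None)
    return {
        "signal": signal,
        "access": access.group(1) if access else "UNKNOWN",
        "fault_addr": addr,
        # Faults in the first page are NULL (or NULL + small offset) dereferences.
        "null_deref": addr < 0x1000,
        # T0 is the main thread in ASan reports; any other id is a spawned thread.
        "off_main_thread": thread != 0,
        "top_function": top_func,
        "top_location": top_loc,
    }

def matches_advisory(summary):
    """True when the crash has the shape this advisory describes."""
    return bool(summary and summary["signal"] == "SEGV" and summary["access"] == "READ"
                and summary["null_deref"] and summary["top_function"] == "r_cons_is_breaked")
```

Feed `triage()` the stderr captured from the ASan build; a report that does not match points to a different crash and should be triaged separately.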
Users are advised to update to the latest version of Radare2, where this vulnerability has been addressed. The official Radare2 GitHub repository contains the latest releases.