Radare2
cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*
- 5.9.9
A memory corruption vulnerability has been identified in Radare2 version 5.9.9, specifically within the radiff2 component. The issue is in the function 'r_cons_pal_init' in the source file '/libr/cons/pal.c'. It is triggered by manipulating the experimental '-T' argument, which leads to memory corruption. Exploitation requires local access. The vulnerability has been publicly disclosed, although its existence is currently disputed.
Triggering the vulnerability causes a segmentation fault caused by a write access to an invalid memory location, specifically the zero page. This behavior is indicative of a memory corruption issue, which can often be exploited to execute arbitrary code or cause a denial-of-service condition.
The vulnerability can be reproduced by compiling Radare2 with AddressSanitizer enabled, which will help detect memory corruption issues. After compiling and installing Radare2, the radiff2 tool can be run with the '-T' argument. This will trigger the vulnerability, causing a segmentation fault due to illegal memory access.
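An added example (not from the advisory or the Radare2 project): a small Python triage helper that reads an AddressSanitizer SEGV report of the kind this reproduction produces and extracts the fault address, access type and top frame. The sample report is constructed; its PID, addresses, thread id, path prefix and line number are placeholders, and the 4 KiB page size is an assumption.

```python
import re

# Constructed sample in the layout AddressSanitizer uses for a SEGV. The PID,
# addresses, thread id, path prefix and line number are made up; only the
# function and file name come from the advisory text.
SAMPLE_REPORT = """\
AddressSanitizer:DEADLYSIGNAL
==12345==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f0000001234 bp 0x7f0000002000 sp 0x7f0000001ff0 T1)
==12345==The signal is caused by a WRITE memory access.
==12345==Hint: address points to the zero page.
    #0 0x7f0000001234 in r_cons_pal_init /build/radare2/libr/cons/pal.c:100
==12345==ABORTING
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: SEGV on unknown address (0x[0-9a-fA-F]+)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
TOP_FRAME = re.compile(r"^\s*#0\s+0x[0-9a-fA-F]+\s+in\s+(\S+)\s+(\S+)", re.M)
PAGE_SIZE = 4096  # assumption: 4 KiB pages; the first page is normally unmapped


def triage(report):
    """Return the fault address, access type, class and top frame, or None."""
    header = HEADER.search(report)
    if header is None:
        return None  # not an ASan SEGV report
    address = int(header.group(1), 16)
    access = ACCESS.search(report)
    kind = access.group(1).lower() if access else "unknown"
    frame = TOP_FRAME.search(report)
    # Faults inside the first page are writes/reads through a (near-)NULL pointer.
    region = "zero-page" if address < PAGE_SIZE else "wild"
    return {
        "address": address,
        "access": kind,
        "fault": f"{region} {kind}",
        "function": frame.group(1) if frame else None,
        "source": frame.group(2).split(":")[0] if frame else None,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

Recording the fault class and top frame alongside the report makes it easier to compare a local reproduction against what the advisory describes.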
Users are advised to update to the latest version of Radare2, where this vulnerability has been patched.