Radare2 NULL Pointer Dereference Vulnerability in Bin Dyldcache Loader Causes Denial-of-Service

A NULL pointer dereference vulnerability has been identified in Radare2 versions through 6.0.5. The issue arises in the 'load()' function of 'bin_dyldcache.c', where the program crashes due to a segmentation fault. This vulnerability can be exploited by processing a crafted binary file, potentially impacting automated binary analysis environments that use Radare2.

Impact

Exploitation of this vulnerability leads to a segmentation fault, causing the program to crash. The AddressSanitizer reports this as a deadly signal, indicating a severe error due to accessing memory incorrectly.

Reproduction

The vulnerability can be reproduced by using Radare2 to open a crafted binary file that triggers the NULL pointer dereference. This can be done by compiling a small program with specific libraries that simulate the issue, and then running it with the AddressSanitizer enabled.

Remediation

Users can update to the latest version of Radare2, where this vulnerability has been fixed. The official GitHub repository contains the patched version.