Use of Uninitialized Resource
CVE-2020-27795
Summary
A segmentation fault was discovered in radare2 prior to 4.4.0 with "adf" command. In "libr/core/cmd_anal.c", when command "adf" has no or wrong argument, "anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1)"; returns null pointer for "fcn" causing segmentation fault later in "ensure_fcn_range (fcn)".
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-908 - Use of Uninitialized Resource
The software uses or accesses a resource that has not been initialized.
References
Advisory Timeline
- Published
