CVE-2017-9949

Name: CVE-2017-9949
Creator: NVD / NIST
Published: 2017-06-26T20:29:00.187+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

Unknown

Last modified Jun 17, 2026

CVE-2017-9949 is a vulnerability of currently unknown severity. The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02..

Description

The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02.

Weakness Enumeration

CWE-787

Affected Software

Vendor	Product	Versions
Radare	Radare2	1.5.0

References

http://www.securityfocus.com/bid/99305Third Party Advisory, VDB Entry
https://github.com/radare/radare2/commit/796dd28aaa6b9fa76d99c42c4d5ff8b257cc2191Third Party Advisory
https://github.com/radare/radare2/issues/7683Third Party Advisory
http://www.securityfocus.com/bid/99305Third Party Advisory, VDB Entry
https://github.com/radare/radare2/commit/796dd28aaa6b9fa76d99c42c4d5ff8b257cc2191Third Party Advisory
https://github.com/radare/radare2/issues/7683Third Party Advisory

Timeline

Published: Jun 26, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-9949?

How severe is CVE-2017-9949?

Severity scoring for CVE-2017-9949 is pending analysis.

How do I fix CVE-2017-9949?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-9949?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST