Radare2
by Radare
Source repositories
CVEs (163)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14015 | Med | 0.29 | 5.5 | 0.01 | Jul 12, 2018 | The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c. | ||
| CVE-2026-4174 | Low | 0.14 | 3.3 | 0.00 | Mar 16, 2026 | A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local… | ||
| CVE-2025-63745 | 0.00 | — | 0.00 | Nov 14, 2025 | A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data. | |||
| CVE-2025-63744 | 0.00 | — | 0.00 | Nov 14, 2025 | A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program. | |||
| CVE-2025-60360 | 0.00 | — | 0.00 | Oct 17, 2025 | radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init. | |||
| CVE-2025-60361 | 0.00 | — | 0.00 | Oct 17, 2025 | radare2 v5.9.8 and before contains a memory leak in the function bochs_open. | |||
| CVE-2025-60359 | 0.00 | — | 0.00 | Oct 17, 2025 | radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new. | |||
| CVE-2025-60358 | 0.00 | — | 0.00 | Oct 16, 2025 | radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations. | |||
| CVE-2025-5648 | 0.00 | — | 0.00 | Jun 5, 2025 | A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached… | |||
| CVE-2025-5647 | 0.00 | — | 0.00 | Jun 5, 2025 | A vulnerability was found in Radare2 5.9.9 and classified as problematic. This issue affects the function r_cons_context_break_pop in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. The attack needs to be… | |||
| CVE-2025-5646 | 0.00 | — | 0.00 | Jun 5, 2025 | A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability affects the function r_cons_rainbow_free in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to… | |||
| CVE-2025-5645 | 0.00 | — | 0.00 | Jun 5, 2025 | A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a… | |||
| CVE-2025-5644 | 0.00 | — | 0.00 | Jun 5, 2025 | A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is… | |||
| CVE-2025-5643 | 0.00 | — | 0.00 | Jun 5, 2025 | A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be… | |||
| CVE-2025-5642 | 0.00 | — | 0.00 | Jun 5, 2025 | A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of… | |||
| CVE-2025-5641 | 0.00 | — | 0.00 | Jun 5, 2025 | A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the… | |||
| CVE-2025-1864 | 0.00 | — | 0.00 | Mar 3, 2025 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before <5.9.9. | |||
| CVE-2025-1744 | 0.00 | — | 0.00 | Feb 28, 2025 | Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before <5.9.9. | |||
| CVE-2025-1378 | 0.00 | — | 0.00 | Feb 17, 2025 | A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has… | |||
| CVE-2024-29646 | 0.00 | — | 0.01 | Dec 17, 2024 | Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields. |
- risk 0.29cvss 5.5epss 0.01
The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c.
- risk 0.14cvss 3.3epss 0.00
A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local…
- CVE-2025-63745Nov 14, 2025risk 0.00cvss —epss 0.00
A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data.
- CVE-2025-63744Nov 14, 2025risk 0.00cvss —epss 0.00
A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program.
- CVE-2025-60360Oct 17, 2025risk 0.00cvss —epss 0.00
radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init.
- CVE-2025-60361Oct 17, 2025risk 0.00cvss —epss 0.00
radare2 v5.9.8 and before contains a memory leak in the function bochs_open.
- CVE-2025-60359Oct 17, 2025risk 0.00cvss —epss 0.00
radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.
- CVE-2025-60358Oct 16, 2025risk 0.00cvss —epss 0.00
radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations.
- CVE-2025-5648Jun 5, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached…
- CVE-2025-5647Jun 5, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in Radare2 5.9.9 and classified as problematic. This issue affects the function r_cons_context_break_pop in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. The attack needs to be…
- CVE-2025-5646Jun 5, 2025risk 0.00cvss —epss 0.00
A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability affects the function r_cons_rainbow_free in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to…
- CVE-2025-5645Jun 5, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a…
- CVE-2025-5644Jun 5, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is…
- CVE-2025-5643Jun 5, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be…
- CVE-2025-5642Jun 5, 2025risk 0.00cvss —epss 0.00
A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of…
- CVE-2025-5641Jun 5, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the…
- CVE-2025-1864Mar 3, 2025risk 0.00cvss —epss 0.00
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before <5.9.9.
- CVE-2025-1744Feb 28, 2025risk 0.00cvss —epss 0.00
Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before <5.9.9.
- CVE-2025-1378Feb 17, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has…
- CVE-2024-29646Dec 17, 2024risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.
Page 3 of 9