Radare2
by Radare
Source repositories
CVEs (163)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-11858 | 0.00 | — | 0.01 | Dec 15, 2024 | A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file… | |||
| CVE-2024-29645 | 0.00 | — | 0.00 | Dec 2, 2024 | Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function. | |||
| CVE-2024-48241 | 0.00 | — | 0.00 | Oct 30, 2024 | An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function. | |||
| CVE-2024-26475 | 0.00 | — | 0.00 | Mar 14, 2024 | An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function. | |||
| CVE-2023-47016 | 0.00 | — | 0.01 | Nov 22, 2023 | radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h. | |||
| CVE-2023-46569 | 0.00 | — | 0.01 | Oct 28, 2023 | An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h. | |||
| CVE-2023-46570 | 0.00 | — | 0.01 | Oct 28, 2023 | An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h. | |||
| CVE-2023-5686 | 0.00 | — | 0.01 | Oct 20, 2023 | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. | |||
| CVE-2022-28070 | 0.00 | — | 0.01 | Aug 22, 2023 | A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0. | |||
| CVE-2022-28073 | 0.00 | — | 0.01 | Aug 22, 2023 | A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0. | |||
| CVE-2022-28072 | 0.00 | — | 0.01 | Aug 22, 2023 | A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0. | |||
| CVE-2022-28068 | 0.00 | — | 0.01 | Aug 22, 2023 | A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0. | |||
| CVE-2022-28069 | 0.00 | — | 0.01 | Aug 22, 2023 | A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0. | |||
| CVE-2022-28071 | 0.00 | — | 0.01 | Aug 22, 2023 | A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0. | |||
| CVE-2023-4322 | 0.00 | — | 0.01 | Aug 14, 2023 | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. | |||
| CVE-2021-32495 | 0.00 | — | 0.01 | Jul 7, 2023 | Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service. | |||
| CVE-2021-32494 | 0.00 | — | 0.01 | Jul 7, 2023 | Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service. | |||
| CVE-2023-1605 | 0.00 | — | 0.01 | Mar 23, 2023 | Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6. | |||
| CVE-2023-27114 | 0.00 | — | 0.00 | Mar 10, 2023 | radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c. | |||
| CVE-2023-0302 | 0.00 | — | 0.00 | Jan 15, 2023 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2. |
- CVE-2024-11858Dec 15, 2024risk 0.00cvss —epss 0.01
A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file…
- CVE-2024-29645Dec 2, 2024risk 0.00cvss —epss 0.00
Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function.
- CVE-2024-48241Oct 30, 2024risk 0.00cvss —epss 0.00
An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function.
- CVE-2024-26475Mar 14, 2024risk 0.00cvss —epss 0.00
An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.
- CVE-2023-47016Nov 22, 2023risk 0.00cvss —epss 0.01
radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.
- CVE-2023-46569Oct 28, 2023risk 0.00cvss —epss 0.01
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.
- CVE-2023-46570Oct 28, 2023risk 0.00cvss —epss 0.01
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.
- CVE-2023-5686Oct 20, 2023risk 0.00cvss —epss 0.01
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
- CVE-2022-28070Aug 22, 2023risk 0.00cvss —epss 0.01
A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.
- CVE-2022-28073Aug 22, 2023risk 0.00cvss —epss 0.01
A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.
- CVE-2022-28072Aug 22, 2023risk 0.00cvss —epss 0.01
A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.
- CVE-2022-28068Aug 22, 2023risk 0.00cvss —epss 0.01
A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.
- CVE-2022-28069Aug 22, 2023risk 0.00cvss —epss 0.01
A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.
- CVE-2022-28071Aug 22, 2023risk 0.00cvss —epss 0.01
A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.
- CVE-2023-4322Aug 14, 2023risk 0.00cvss —epss 0.01
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
- CVE-2021-32495Jul 7, 2023risk 0.00cvss —epss 0.01
Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.
- CVE-2021-32494Jul 7, 2023risk 0.00cvss —epss 0.01
Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service.
- CVE-2023-1605Mar 23, 2023risk 0.00cvss —epss 0.01
Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6.
- CVE-2023-27114Mar 10, 2023risk 0.00cvss —epss 0.00
radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.
- CVE-2023-0302Jan 15, 2023risk 0.00cvss —epss 0.00
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.
Page 4 of 9