VYPR
Vendor

Radare

Products
3
CVEs
165
Across products
165
Status
Private

Products

3

Recent CVEs

165
View all 165 CVEs →
  • CVE-2026-6942CriApr 23, 2026
    risk 0.57cvss 9.8epss 0.02

    radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2_cmd_str(). Attackers can inject…

  • CVE-2017-16358HigNov 1, 2017
    risk 0.51cvss 7.8epss 0.01

    In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.

  • CVE-2017-16357HigNov 1, 2017
    risk 0.51cvss 7.8epss 0.01

    In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.

  • CVE-2017-15932HigOct 27, 2017
    risk 0.51cvss 7.8epss 0.01

    In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems.

  • CVE-2017-15931HigOct 27, 2017
    risk 0.51cvss 7.8epss 0.01

    In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.

  • CVE-2017-15385HigOct 16, 2017
    risk 0.51cvss 7.8epss 0.01

    The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or possibly have unspecified other impact via a crafted ELF file.

  • CVE-2017-15368HigOct 16, 2017
    risk 0.51cvss 7.8epss 0.01

    The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect…

  • CVE-2017-10929HigJul 5, 2017
    risk 0.51cvss 7.8epss 0.02

    The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in…

  • CVE-2017-9949HigJun 26, 2017
    risk 0.51cvss 7.8epss 0.02

    The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer…

  • CVE-2017-6448HigApr 3, 2017
    risk 0.51cvss 7.8epss 0.02

    The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.

  • CVE-2017-6194HigApr 3, 2017
    risk 0.51cvss 7.8epss 0.02

    The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.

  • CVE-2017-6319HigMar 2, 2017
    risk 0.51cvss 7.8epss 0.01

    The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.

  • CVE-2017-9763HigJun 19, 2017
    risk 0.49cvss 7.5epss 0.04

    The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a…

  • CVE-2026-40517HigApr 22, 2026
    risk 0.44cvss 7.8epss 0.01

    radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2…

  • CVE-2026-40527HigApr 17, 2026
    risk 0.44cvss 7.8epss 0.01

    radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF…

  • CVE-2026-40499HigApr 15, 2026
    risk 0.44cvss 7.8epss 0.01

    radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with…

  • CVE-2026-8696HigMay 15, 2026
    risk 0.42cvss 7.5epss 0.01

    radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can…

  • CVE-2026-8695HigMay 15, 2026
    risk 0.42cvss 7.5epss 0.01

    radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability…

  • CVE-2026-41015HigApr 16, 2026
    risk 0.41cvss 7.4epss 0.01

    radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release), the date range for the vulnerable code was less than a week, occurring after…

  • CVE-2026-6940HigApr 23, 2026
    risk 0.39cvss 7.1epss 0.00

    radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to…