Vendor CVEs
Radare
All CVEs
165 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6942 | Cri | 0.57 | 9.8 | 0.02 | Apr 23, 2026 | radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2_cmd_str(). Attackers can inject… | ||
| CVE-2017-16358 | Hig | 0.51 | 7.8 | 0.01 | Nov 1, 2017 | In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search. | ||
| CVE-2017-16357 | Hig | 0.51 | 7.8 | 0.01 | Nov 1, 2017 | In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory. | ||
| CVE-2017-15932 | Hig | 0.51 | 7.8 | 0.01 | Oct 27, 2017 | In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems. | ||
| CVE-2017-15931 | Hig | 0.51 | 7.8 | 0.01 | Oct 27, 2017 | In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems. | ||
| CVE-2017-15385 | Hig | 0.51 | 7.8 | 0.01 | Oct 16, 2017 | The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or possibly have unspecified other impact via a crafted ELF file. | ||
| CVE-2017-15368 | Hig | 0.51 | 7.8 | 0.01 | Oct 16, 2017 | The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect… | ||
| CVE-2017-10929 | Hig | 0.51 | 7.8 | 0.02 | Jul 5, 2017 | The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in… | ||
| CVE-2017-9949 | Hig | 0.51 | 7.8 | 0.02 | Jun 26, 2017 | The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer… | ||
| CVE-2017-6448 | Hig | 0.51 | 7.8 | 0.02 | Apr 3, 2017 | The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file. | ||
| CVE-2017-6194 | Hig | 0.51 | 7.8 | 0.02 | Apr 3, 2017 | The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file. | ||
| CVE-2017-6319 | Hig | 0.51 | 7.8 | 0.01 | Mar 2, 2017 | The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file. | ||
| CVE-2017-9763 | Hig | 0.49 | 7.5 | 0.04 | Jun 19, 2017 | The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a… | ||
| CVE-2026-40517 | Hig | 0.44 | 7.8 | 0.01 | Apr 22, 2026 | radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2… | ||
| CVE-2026-40527 | Hig | 0.44 | 7.8 | 0.01 | Apr 17, 2026 | radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF… | ||
| CVE-2026-40499 | Hig | 0.44 | 7.8 | 0.01 | Apr 15, 2026 | radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with… | ||
| CVE-2026-8696 | Hig | 0.42 | 7.5 | 0.01 | May 15, 2026 | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can… | ||
| CVE-2026-8695 | Hig | 0.42 | 7.5 | 0.01 | May 15, 2026 | radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability… | ||
| CVE-2026-41015 | Hig | 0.41 | 7.4 | 0.01 | Apr 16, 2026 | radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release), the date range for the vulnerable code was less than a week, occurring after… | ||
| CVE-2026-6940 | Hig | 0.39 | 7.1 | 0.00 | Apr 23, 2026 | radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to… | ||
| CVE-2026-6941 | Med | 0.36 | 6.6 | 0.00 | Apr 23, 2026 | radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a… | ||
| CVE-2018-10187 | Med | 0.36 | 5.5 | 0.01 | Apr 17, 2018 | In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function (libr/anal/p/anal_dalvik.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was… | ||
| CVE-2018-10186 | Med | 0.36 | 5.5 | 0.01 | Apr 17, 2018 | In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368. | ||
| CVE-2018-8810 | Med | 0.36 | 5.5 | 0.01 | Mar 20, 2018 | In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file. | ||
| CVE-2018-8809 | Med | 0.36 | 5.5 | 0.01 | Mar 20, 2018 | In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file. | ||
| CVE-2018-8808 | Med | 0.36 | 5.5 | 0.01 | Mar 20, 2018 | In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file. | ||
| CVE-2017-16805 | Med | 0.36 | 5.5 | 0.01 | Nov 13, 2017 | In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c. | ||
| CVE-2017-16359 | Med | 0.36 | 5.5 | 0.01 | Nov 1, 2017 | In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c. | ||
| CVE-2017-9762 | Med | 0.36 | 5.5 | 0.01 | Jun 19, 2017 | The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file. | ||
| CVE-2017-9761 | Med | 0.36 | 5.5 | 0.01 | Jun 19, 2017 | The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. | ||
| CVE-2017-9520 | Med | 0.36 | 5.5 | 0.01 | Jun 8, 2017 | The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file. | ||
| CVE-2017-7946 | Med | 0.36 | 5.5 | 0.01 | Apr 18, 2017 | The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file. | ||
| CVE-2017-7854 | Med | 0.36 | 5.5 | 0.01 | Apr 13, 2017 | The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | ||
| CVE-2017-7716 | Med | 0.36 | 5.5 | 0.01 | Apr 12, 2017 | The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | ||
| CVE-2017-7274 | Med | 0.36 | 5.5 | 0.02 | Mar 27, 2017 | The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file. | ||
| CVE-2017-6415 | Med | 0.36 | 5.5 | 0.01 | Mar 2, 2017 | The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file. | ||
| CVE-2017-6387 | Med | 0.36 | 5.5 | 0.01 | Mar 2, 2017 | The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file. | ||
| CVE-2017-6197 | Med | 0.36 | 5.5 | 0.02 | Feb 24, 2017 | The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function. | ||
| CVE-2018-15834 | Med | 0.29 | 5.5 | 0.01 | Sep 12, 2018 | In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file. | ||
| CVE-2018-14017 | Med | 0.29 | 5.5 | 0.01 | Jul 12, 2018 | The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in… | ||
| CVE-2018-14016 | Med | 0.29 | 5.5 | 0.01 | Jul 12, 2018 | The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file. | ||
| CVE-2018-14015 | Med | 0.29 | 5.5 | 0.01 | Jul 12, 2018 | The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c. | ||
| CVE-2026-4174 | Low | 0.14 | 3.3 | 0.00 | Mar 16, 2026 | A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local… | ||
| CVE-2025-63744 | 0.00 | — | 0.00 | Nov 14, 2025 | A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program. | |||
| CVE-2025-63745 | 0.00 | — | 0.00 | Nov 14, 2025 | A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data. | |||
| CVE-2025-60361 | 0.00 | — | 0.00 | Oct 17, 2025 | radare2 v5.9.8 and before contains a memory leak in the function bochs_open. | |||
| CVE-2025-60359 | 0.00 | — | 0.00 | Oct 17, 2025 | radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new. | |||
| CVE-2025-60360 | 0.00 | — | 0.00 | Oct 17, 2025 | radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init. | |||
| CVE-2025-60358 | 0.00 | — | 0.00 | Oct 16, 2025 | radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations. | |||
| CVE-2025-5648 | 0.00 | — | 0.00 | Jun 5, 2025 | A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached… |
- risk 0.57cvss 9.8epss 0.02
radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2_cmd_str(). Attackers can inject…
- risk 0.51cvss 7.8epss 0.01
In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.
- risk 0.51cvss 7.8epss 0.01
In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.
- risk 0.51cvss 7.8epss 0.01
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems.
- risk 0.51cvss 7.8epss 0.01
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.
- risk 0.51cvss 7.8epss 0.01
The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or possibly have unspecified other impact via a crafted ELF file.
- risk 0.51cvss 7.8epss 0.01
The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect…
- risk 0.51cvss 7.8epss 0.02
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in…
- risk 0.51cvss 7.8epss 0.02
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer…
- risk 0.51cvss 7.8epss 0.02
The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.
- risk 0.51cvss 7.8epss 0.02
The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.
- risk 0.51cvss 7.8epss 0.01
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.
- risk 0.49cvss 7.5epss 0.04
The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a…
- risk 0.44cvss 7.8epss 0.01
radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2…
- risk 0.44cvss 7.8epss 0.01
radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF…
- risk 0.44cvss 7.8epss 0.01
radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with…
- risk 0.42cvss 7.5epss 0.01
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can…
- risk 0.42cvss 7.5epss 0.01
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability…
- risk 0.41cvss 7.4epss 0.01
radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release), the date range for the vulnerable code was less than a week, occurring after…
- risk 0.39cvss 7.1epss 0.00
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to…
- risk 0.36cvss 6.6epss 0.00
radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a…
- risk 0.36cvss 5.5epss 0.01
In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function (libr/anal/p/anal_dalvik.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was…
- risk 0.36cvss 5.5epss 0.01
In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368.
- risk 0.36cvss 5.5epss 0.01
In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file.
- risk 0.36cvss 5.5epss 0.01
In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.
- risk 0.36cvss 5.5epss 0.01
In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.
- risk 0.36cvss 5.5epss 0.01
In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.
- risk 0.36cvss 5.5epss 0.01
In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.
- risk 0.36cvss 5.5epss 0.01
The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file.
- risk 0.36cvss 5.5epss 0.01
The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
- risk 0.36cvss 5.5epss 0.01
The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file.
- risk 0.36cvss 5.5epss 0.01
The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file.
- risk 0.36cvss 5.5epss 0.01
The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.
- risk 0.36cvss 5.5epss 0.01
The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.
- risk 0.36cvss 5.5epss 0.02
The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.
- risk 0.36cvss 5.5epss 0.01
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file.
- risk 0.36cvss 5.5epss 0.01
The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file.
- risk 0.36cvss 5.5epss 0.02
The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.
- risk 0.29cvss 5.5epss 0.01
In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file.
- risk 0.29cvss 5.5epss 0.01
The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in…
- risk 0.29cvss 5.5epss 0.01
The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file.
- risk 0.29cvss 5.5epss 0.01
The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c.
- risk 0.14cvss 3.3epss 0.00
A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local…
- CVE-2025-63744Nov 14, 2025risk 0.00cvss —epss 0.00
A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program.
- CVE-2025-63745Nov 14, 2025risk 0.00cvss —epss 0.00
A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data.
- CVE-2025-60361Oct 17, 2025risk 0.00cvss —epss 0.00
radare2 v5.9.8 and before contains a memory leak in the function bochs_open.
- CVE-2025-60359Oct 17, 2025risk 0.00cvss —epss 0.00
radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.
- CVE-2025-60360Oct 17, 2025risk 0.00cvss —epss 0.00
radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init.
- CVE-2025-60358Oct 16, 2025risk 0.00cvss —epss 0.00
radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations.
- CVE-2025-5648Jun 5, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached…
Page 1 of 4