Latest radare radare2 Vulnerabilities

CVE-2023-47016
radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.
Radare Radare2<5.9.0
CVE-2023-46570
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.
Radare Radare2<5.9.0
CVE-2023-46569
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.
Radare Radare2<5.9.0
CVE-2023-5686
Heap-based Buffer Overflow in radareorg/radare2
Radare Radare2<5.9.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
CVE-2022-28068
A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.
Radare Radare2=5.4.0
Radare Radare2=5.4.2
CVE-2022-28071
A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.
Radare Radare2=5.4.0
Radare Radare2=5.4.2
CVE-2022-28069
A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.
Radare Radare2=5.4.0
Radare Radare2=5.4.2
CVE-2022-28073
A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.
Radare Radare2=5.4.0
Radare Radare2=5.4.2
CVE-2022-28072
A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.
Radare Radare2=5.4.0
Radare Radare2=5.4.2
CVE-2023-4322
Heap-based Buffer Overflow in radareorg/radare2
Radare Radare2<=5.8.8
Fedoraproject Fedora=37
Fedoraproject Fedora=38
CVE-2021-32495
Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.
Radare Radare2=5.3.0
CVE-2023-1605
Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6.
Radare Radare2<5.8.6
CVE-2023-27114
radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.
Radare Radare2=5.8.3
CVE-2023-0302
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.
Radare Radare2<5.8.2
CVE-2022-4843
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.
Radare Radare2<5.8.2
CVE-2022-4398
Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0.
Radare Radare2<5.8.0
CVE-2020-27794
Radare Radare2<4.4.0
CVE-2020-27793
An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service attack.
Radare Radare2<4.4.0
CVE-2020-27795
A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command "adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_g...
Radare Radare2<4.4.0
CVE-2022-34502
Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) ...
Radare Radare2=5.7.0
CVE-2022-34520
Radare Radare2=5.7.2
CVE-2022-1899
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.
Radare Radare2<5.7.0
CVE-2021-44974
radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser.
Radare Radare2<5.5.4
CVE-2021-44975
radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser.
Radare Radare2=5.5.2
CVE-2022-1809
Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.
Radare Radare2<5.7.0
CVE-2022-1714
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensiti...
Radare Radare2<5.7.0
CVE-2022-1649
Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of he...
Radare Radare2<5.7.0
CVE-2022-1451
Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typi...
Radare Radare2<5.7.0
CVE-2022-1452
Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. T...
Radare Radare2<5.7.0
CVE-2022-1444
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service.
Radare Radare2<5.7.0
CVE-2022-1437
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read...
Radare Radare2<5.7.0
CVE-2022-1382
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system.
Radare Radare2<5.6.8
CVE-2022-1383
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.8. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read...
Radare Radare2<5.6.8
CVE-2022-1297
Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.
Radare Radare2<5.6.8
CVE-2022-1296
Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.
Radare Radare2<5.6.8
CVE-2022-1284
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.
Radare Radare2<5.6.8
CVE-2022-1283
NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash...
Radare Radare2<5.6.8
CVE-2022-1237
Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overfl...
Radare Radare2<5.6.8
CVE-2022-1238
Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap b...
Radare Radare2<5.6.8
CVE-2022-1207
Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.
Radare Radare2<5.6.8
CVE-2022-1052
Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6.
Radare Radare2<5.6.6
CVE-2022-1061
Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.
Radare Radare2<5.6.8
CVE-2022-1031
Radare Radare2<5.6.6
CVE-2021-4021
Radare Radare2<=5.5.0
CVE-2022-0695
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.
Radare Radare2<5.6.4
Fedoraproject Fedora=35
Fedoraproject Fedora=36
CVE-2022-0476
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.
Radare Radare2<5.6.4
Fedoraproject Fedora=35
Fedoraproject Fedora=36
CVE-2022-0713
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
Radare Radare2<5.6.4
Fedoraproject Fedora=35
Fedoraproject Fedora=36
CVE-2022-0712
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.
Radare Radare2<5.6.4
Fedoraproject Fedora=35
Fedoraproject Fedora=36
CVE-2022-0676
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
Radare Radare2<5.6.4
Fedoraproject Fedora=35
Fedoraproject Fedora=36
CVE-2022-0559
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
Radare Radare2<5.6.2
Fedoraproject Fedora=35
Fedoraproject Fedora=36

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203