CVE-2023-5686: Heap-based Buffer Overflow in radareorg/radare2
First published: Fri Oct 20 2023(Updated: )
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
Credit: security@huntr.dev security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <5.9.0 | ||
| =37 | ||
| =38 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/radareorg/radare2/commit/1bdda93e348c160c84e30da3637acef26d0348de
- https://huntr.com/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/64KUV6OGEVQ75QOV35PUVVDOJTKSJHYN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SOZ6XCADVAPAIHMVSV3FUAN742BHXF55/
Frequently Asked Questions
What is CVE-2023-5686?
CVE-2023-5686 is a heap-based buffer overflow vulnerability in the GitHub repository radareorg/radare2 prior to version 5.9.0.
How severe is CVE-2023-5686?
CVE-2023-5686 has a severity level of 8.8 (high).
What software is affected by CVE-2023-5686?
The software affected by CVE-2023-5686 is Radare Radare2 version up to 5.9.0.
How can I fix CVE-2023-5686?
To fix CVE-2023-5686, update Radare Radare2 to version 5.9.0 or later.
What are the Common Weakness Enumerations (CWE) associated with CVE-2023-5686?
The CWEs associated with CVE-2023-5686 are CWE-119, CWE-122, and CWE-787.
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/title
- agent/weakness
- agent/severity
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/radare
- vendor/fedoraproject