Total
154 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16359 | 1 Radare | 1 Radare2 | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.
|
|||||
| CVE-2017-9761 | 1 Radare | 1 Radare2 | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
|
|||||
| CVE-2017-15931 | 1 Radare | 1 Radare2 | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.
|
|||||
| CVE-2017-16358 | 1 Radare | 1 Radare2 | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.
|
|||||
| CVE-2017-6415 | 1 Radare | 1 Radare2 | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file.
|
|||||
| CVE-2024-26475 | 1 Radare | 1 Radare2 | 2025-03-27 | N/A | 5.5 MEDIUM |
|
An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.
|
|||||
| CVE-2018-14015 | 1 Radare | 1 Radare2 | 2025-03-18 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c.
|
|||||
| CVE-2023-27114 | 1 Radare | 1 Radare2 | 2025-02-28 | N/A | 5.5 MEDIUM |
|
radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.
|
|||||
| CVE-2023-5686 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | N/A | 8.8 HIGH |
|
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
|
|||||
| CVE-2023-4322 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
|
|||||
| CVE-2023-47016 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 7.5 HIGH |
|
radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h.
|
|||||
| CVE-2023-46570 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.
|
|||||
| CVE-2023-46569 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 9.8 CRITICAL |
|
An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.
|
|||||
| CVE-2023-1605 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 7.5 HIGH |
|
Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6.
|
|||||
| CVE-2023-0302 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 7.8 HIGH |
|
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.
|
|||||
| CVE-2022-4843 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 7.5 HIGH |
|
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.
|
|||||
| CVE-2022-4398 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 7.8 HIGH |
|
Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0.
|
|||||
| CVE-2022-34520 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DOS) via a crafted binary file.
|
|||||
| CVE-2022-34502 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.
|
|||||
| CVE-2022-28073 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 7.5 HIGH |
|
A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.
|
|||||
| CVE-2022-28072 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 7.5 HIGH |
|
A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.
|
|||||
| CVE-2022-28071 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 7.5 HIGH |
|
A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.
|
|||||
| CVE-2022-28070 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 7.5 HIGH |
|
A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.
|
|||||
| CVE-2022-28069 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 7.5 HIGH |
|
A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.
|
|||||
| CVE-2022-28068 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 7.5 HIGH |
|
A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.
|
|||||
| CVE-2022-1899 | 1 Radare | 1 Radare2 | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.
|
|||||
| CVE-2022-1809 | 1 Radare | 1 Radare2 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.
|
|||||
| CVE-2022-1714 | 1 Radare | 1 Radare2 | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.
|
|||||
| CVE-2022-1649 | 1 Radare | 1 Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/476.html).
|
|||||
| CVE-2022-1452 | 1 Radare | 1 Radare2 | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).
|
|||||
| CVE-2022-1451 | 1 Radare | 1 Radare2 | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mitre.org/data/definitions/125.html).
|
|||||
| CVE-2022-1444 | 1 Radare | 1 Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service.
|
|||||
| CVE-2022-1437 | 1 Radare | 1 Radare2 | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.
|
|||||
| CVE-2022-1383 | 1 Radare | 1 Radare2 | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.8. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.
|
|||||
| CVE-2022-1382 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
|
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system.
|
|||||
| CVE-2022-1297 | 1 Radare | 1 Radare2 | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.
|
|||||
| CVE-2022-1296 | 1 Radare | 1 Radare2 | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.
|
|||||
| CVE-2022-1284 | 1 Radare | 1 Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.
|
|||||
| CVE-2022-1283 | 1 Radare | 1 Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash).
|
|||||
| CVE-2022-1244 | 1 Radare | 1 Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.
|
|||||