radare2

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Open-source tools to disasm, debug, analyze and manipulate binary files
Version 5.4.0-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2245 5.3.1-1 5.4.0-1 Low Fixed
AVG-1950 5.2.1-1 5.3.1-1 Low Fixed
AVG-709 2.5.0-1 2.6.0-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-32613 AVG-1950 Low No Denial of service
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parser via a crafted file which can lead to denial of service.
CVE-2021-3673 AVG-2245 Low No Denial of service
A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and denial...
CVE-2018-11384 AVG-709 Medium Yes Denial of service
The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a...
CVE-2018-11383 AVG-709 Medium Yes Denial of service
The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF...
CVE-2018-11382 AVG-709 Medium Yes Denial of service
The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a...
CVE-2018-11381 AVG-709 Medium Yes Denial of service
The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash)...
CVE-2018-11380 AVG-709 Medium Yes Denial of service
The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash)...
CVE-2018-11379 AVG-709 Medium Yes Denial of service
The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash)...
CVE-2018-11378 AVG-709 High Yes Arbitrary code execution
The wasm_dis() function in libr/asm/arch/wasm/wasm.c has a stack- buffer overflow that may result in denial-of-service or possibly have unspecified other...
CVE-2018-11377 AVG-709 Medium Yes Denial of service
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash)...
CVE-2018-11376 AVG-709 Medium Yes Denial of service
The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a...
CVE-2018-11375 AVG-709 Medium Yes Denial of service
The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a...

Advisories

Date Advisory Group Severity Type
15 Jun 2021 ASA-202106-40 AVG-1950 Low denial of service
05 Jun 2018 ASA-201806-2 AVG-709 High multiple issues