radare2

Description Open-source tools to disasm, debug, analyze and manipulate binary files
Version 5.8.8-2 [extra]

Resolved

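| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2748 | 5.5-1 | 5.6-1 | Medium | Fixed | |
| AVG-2583 | 5.4.2-1 | 5.5.2-1 | Low | Fixed | |
| AVG-2245 | 5.3.1-1 | 5.4.0-1 | Low | Fixed | |
| AVG-1950 | 5.2.1-1 | 5.3.1-1 | Low | Fixed | |
| AVG-709 | 2.5.0-1 | 2.6.0-1 | High | Fixed | |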

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2022-0419 | AVG-2748 | Medium | Unknown | Unknown | NULL pointer dereference in load_buffer |
| CVE-2021-44975 | AVG-2748 | Unknown | Unknown | Unknown | Buffer Overflow via /libr/core/anal_objc.c mach-o parser |
| CVE-2021-44974 | AVG-2748 | Unknown | Unknown | Unknown | NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser |
| CVE-2021-32613 | AVG-1950 | Low | No | Denial of service | In radare2 through 5.3.0 there is a double free vulnerability in the pyc parser via a crafted file which can lead to denial of service. |
| CVE-2021-4021 | AVG-2583 | Low | No | Denial of service | A vulnerability was found in Radare2 5.5.0 and in previous versions. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can... |
| CVE-2021-3673 | AVG-2245 | Low | No | Denial of service | A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and denial... |
| CVE-2018-11384 | AVG-709 | Medium | Yes | Denial of service | The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a... |
| CVE-2018-11383 | AVG-709 | Medium | Yes | Denial of service | The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF... |
| CVE-2018-11382 | AVG-709 | Medium | Yes | Denial of service | The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a... |
| CVE-2018-11381 | AVG-709 | Medium | Yes | Denial of service | The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash)... |
| CVE-2018-11380 | AVG-709 | Medium | Yes | Denial of service | The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash)... |
| CVE-2018-11379 | AVG-709 | Medium | Yes | Denial of service | The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash)... |
| CVE-2018-11378 | AVG-709 | High | Yes | Arbitrary code execution | The wasm_dis() function in libr/asm/arch/wasm/wasm.c has a stack-buffer overflow that may result in denial-of-service or possibly have unspecified other... |
| CVE-2018-11377 | AVG-709 | Medium | Yes | Denial of service | The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash)... |
| CVE-2018-11376 | AVG-709 | Medium | Yes | Denial of service | The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a... |
| CVE-2018-11375 | AVG-709 | Medium | Yes | Denial of service | The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 15 Jun 2021 | ASA-202106-40 | AVG-1950 | Low | denial of service |
| 05 Jun 2018 | ASA-201806-2 | AVG-709 | High | multiple issues |