Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Radare2
(Radare)Repositories |
• https://github.com/radare/radare2
• https://github.com/devnexen/radare2 |
#Vulnerabilities | 132 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-07-12 | CVE-2018-14015 | The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c. | Radare2 | 5.5 | ||
2017-03-02 | CVE-2017-6415 | The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file. | Radare2 | 5.5 | ||
2018-12-25 | CVE-2018-20460 | In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file. | Radare2 | 5.5 | ||
2018-12-25 | CVE-2018-20455 | In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456. | Radare2 | 5.5 | ||
2018-09-12 | CVE-2018-15834 | In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file. | Radare2 | 5.5 | ||
2018-05-22 | CVE-2018-11383 | The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c. | Radare2 | 5.5 | ||
2017-04-13 | CVE-2017-7854 | The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | Radare2 | 5.5 | ||
2017-04-12 | CVE-2017-7716 | The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | Radare2 | 5.5 | ||
2017-10-16 | CVE-2017-15368 | The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call. | Radare2 | 7.8 | ||
2018-03-20 | CVE-2018-8810 | In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file. | Radare2 | 5.5 |