Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Radare2
(Radare)| Repositories |
• https://github.com/radare/radare2
• https://github.com/devnexen/radare2 |
| #Vulnerabilities | 132 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-05-21 | CVE-2022-1809 | Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0. | Radare2 | 7.8 | ||
| 2022-05-24 | CVE-2021-44975 | radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser. | Radare2 | 5.5 | ||
| 2022-05-25 | CVE-2021-44974 | radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser. | Radare2 | 5.5 | ||
| 2022-05-26 | CVE-2022-1899 | Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. | Radare2 | 9.1 | ||
| 2022-07-22 | CVE-2022-34502 | Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file. | Radare2 | 5.5 | ||
| 2022-07-22 | CVE-2022-34520 | Radare2 v5.7.2 was discovered to contain a NULL pointer dereference via the function r_bin_file_xtr_load_buffer at bin/bfile.c. This vulnerability allows attackers to cause a Denial of Service (DOS) via a crafted binary file. | Radare2 | 5.5 | ||
| 2022-08-19 | CVE-2020-27793 | An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service attack. | Radare2 | 7.5 | ||
| 2022-08-19 | CVE-2020-27794 | A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash. | Radare2 | 9.1 | ||
| 2022-08-19 | CVE-2020-27795 | A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command "adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn). | Radare2 | 7.5 | ||
| 2022-12-10 | CVE-2022-4398 | Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0. | Radare2 | 7.8 |