Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Radare2
(Radare)| Repositories |
• https://github.com/radare/radare2
• https://github.com/devnexen/radare2 |
| #Vulnerabilities | 132 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-03-02 | CVE-2017-6387 | The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file. | Radare2 | 5.5 | ||
| 2017-03-02 | CVE-2017-6319 | The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file. | Radare2 | 7.8 | ||
| 2017-02-24 | CVE-2017-6197 | The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function. | Radare2 | 5.5 | ||
| 2017-04-03 | CVE-2017-6194 | The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file. | Radare2 | 7.8 | ||
| 2017-11-13 | CVE-2017-16805 | In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c. | Radare2 | 5.5 | ||
| 2017-11-01 | CVE-2017-16359 | In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c. | Radare2 | 5.5 | ||
| 2017-11-01 | CVE-2017-16358 | In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search. | Radare2 | 7.8 | ||
| 2017-11-01 | CVE-2017-16357 | In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory. | Radare2 | 7.8 | ||
| 2017-10-27 | CVE-2017-15932 | In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems. | Radare2 | 7.8 | ||
| 2017-10-27 | CVE-2017-15931 | In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems. | Radare2 | 7.8 |