Radare2 - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Radare2
(Radare)

Repositories	• https://github.com/radare/radare2 • https://github.com/devnexen/radare2
#Vulnerabilities	132

Date	Id	Summary	Products	Score	Patch	Annotated
2018-03-20	CVE-2018-8809	In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.	Radare2	5.5
2018-03-20	CVE-2018-8808	In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file.	Radare2	5.5
2018-12-25	CVE-2018-20461	In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file.	Radare2	5.5
2018-12-25	CVE-2018-20456	In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related issue to CVE-2018-20455.	Radare2	5.5
2018-12-04	CVE-2018-19843	opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.	Radare2	5.5
2018-12-04	CVE-2018-19842	getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.	Radare2	5.5
2018-06-13	CVE-2018-12322	There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file.	Radare2	5.5
2018-06-13	CVE-2018-12321	There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file.	Radare2	7.8
2018-06-13	CVE-2018-12320	There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file.	Radare2	7.8
2018-05-22	CVE-2018-11384	The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.	Radare2	5.5