Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Radare2
(Radare)| Repositories |
• https://github.com/radare/radare2
• https://github.com/devnexen/radare2 |
| #Vulnerabilities | 132 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-07-12 | CVE-2018-14017 | The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new. | Radare2 | 5.5 | ||
| 2018-07-12 | CVE-2018-14016 | The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file. | Radare2 | 5.5 | ||
| 2018-07-12 | CVE-2018-14015 | The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c. | Radare2 | 5.5 | ||
| 2017-03-02 | CVE-2017-6415 | The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file. | Radare2 | 5.5 | ||
| 2018-12-25 | CVE-2018-20460 | In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file. | Radare2 | 5.5 | ||
| 2018-12-25 | CVE-2018-20455 | In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456. | Radare2 | 5.5 | ||
| 2018-09-12 | CVE-2018-15834 | In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file. | Radare2 | 5.5 | ||
| 2018-05-22 | CVE-2018-11383 | The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c. | Radare2 | 5.5 | ||
| 2017-04-13 | CVE-2017-7854 | The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | Radare2 | 5.5 | ||
| 2017-04-12 | CVE-2017-7716 | The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | Radare2 | 5.5 |