Product:

Radare2

(Radare)
Repositories https://github.com/radare/radare2
https://github.com/devnexen/radare2
#Vulnerabilities 132
Date Id Summary Products Score Patch Annotated
2023-08-22 CVE-2022-28071 A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0. Radare2 7.5
2023-08-22 CVE-2022-28072 A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0. Radare2 7.5
2023-08-22 CVE-2022-28073 A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0. Radare2 7.5
2023-10-20 CVE-2023-5686 Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. Fedora, Radare2 8.8
2023-10-28 CVE-2023-46569 An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h. Radare2 9.8
2023-10-28 CVE-2023-46570 An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h. Radare2 9.8
2023-11-22 CVE-2023-47016 radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h. Radare2 7.5
2019-06-10 CVE-2019-12790 In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of missing length validation in libr/egg/egg.c. Radare2 7.8
2019-06-13 CVE-2019-12802 In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg). Fedora, Radare2 7.8
2019-06-17 CVE-2019-12865 In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command. Radare2 5.5