Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Radare2
(Radare)| Repositories |
• https://github.com/radare/radare2
• https://github.com/devnexen/radare2 |
| #Vulnerabilities | 133 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-08-19 | CVE-2020-27793 | An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service attack. | Radare2 | 7.5 | ||
| 2022-08-19 | CVE-2020-27794 | A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash. | Radare2 | 9.1 | ||
| 2022-08-19 | CVE-2020-27795 | A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command "adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn). | Radare2 | 7.5 | ||
| 2022-12-10 | CVE-2022-4398 | Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0. | Radare2 | 7.8 | ||
| 2022-12-29 | CVE-2022-4843 | NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2. | Radare2 | 7.5 | ||
| 2023-01-15 | CVE-2023-0302 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2. | Radare2 | 7.8 | ||
| 2023-03-23 | CVE-2023-1605 | Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6. | Radare2 | 7.5 | ||
| 2023-07-07 | CVE-2021-32494 | Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service. | Radare2 | 7.5 | ||
| 2023-07-07 | CVE-2021-32495 | Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service. | Radare2 | 9.1 | ||
| 2023-08-14 | CVE-2023-4322 | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. | Fedora, Radare2 | 9.8 |