Lucene search
K

649 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-40527

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2...

8.5CVSS5.8AI score0.00915EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/20 1:44 p.m.6 views

CVE-2026-40527

A flaw was found in radare2. A remote attacker can exploit this by crafting an ELF Executable and Linkable Format binary that embeds malicious commands within its DWARF Debugging With Attributed Record Formats parameter names. When radare2 analyzes such a binary, these embedded commands are...

8.5CVSS5.9AI score0.00915EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/20 12:0 a.m.9 views

Oracle Linux 10 : delve (ELSA-2026-8842)

The remote Oracle Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-8842 advisory. 1.25.2-3.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-3 - Rebuild with latest Go Tenable has extracted the preceding...

7.5CVSS8AI score0.00728EPSS
Exploits0References3
Oracle linux
Oracle linux
added 2026/04/20 12:0 a.m.14 views

delve security update

1.25.2-3.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-3 - Rebuild with latest Go...

7.5CVSS5.8AI score0.00728EPSS
Exploits0
EUVD
EUVD
added 2026/04/17 9:31 p.m.7 views

EUVD-2026-23534

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5CVSS6.2AI score0.00915EPSS
Exploits1References4
NVD
NVD
added 2026/04/17 9:16 p.m.10 views

CVE-2026-40527

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5CVSS0.00915EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/04/17 8:25 p.m.7 views

CVE-2026-40527

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5CVSS6AI score0.00915EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/17 8:25 p.m.5 views

CVE-2026-40527

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5CVSS6.2AI score0.00915EPSS
Exploits1References4
CVE
CVE
added 2026/04/17 8:25 p.m.12 views

CVE-2026-40527

radare2 prior to commit bc5a890 contains a local command-injection in the afsv/afsvj path. crafted ELF binaries can embed shell commands in DWARF DW_TAG_formal_parameter names; when radare2 analyzes the binary with aaa and subsequently runs afsvj, the unsanitized parameter interpolation in the pf...

8.5CVSS6.2AI score0.00915EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/17 8:25 p.m.4 views

CVE-2026-40527 radare2 Command Injection via DWARF Parameter Names

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5CVSS6.2AI score0.00915EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/17 8:25 p.m.24 views

CVE-2026-40527 radare2 Command Injection via DWARF Parameter Names

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5CVSS0.00915EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/04/17 8:25 p.m.6 views

CVE-2026-40527

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5CVSS5.9AI score0.00915EPSS
Exploits1
OSV
OSV
added 2026/04/17 5:28 p.m.9 views

CLSA-2026-1776430866 binutils: Fix of 5 CVEs

CVE-2022-44840: fix heap buffer overflow in findsectioninset in dwarf.c - CVE-2023-25584: fix lack of bounds checking in vms-alpha.c parsemodule - CVE-2022-47673: fix OOB reads in parsemodule - CVE-2022-47696: fix uninitialised thebfd field in mach-o.c synthetic symbols - CVE-2022-45703: fix heap...

7.8CVSS6.8AI score0.00513EPSS
Exploits4References1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.89 views

Radare2 安全漏洞

Radare2 is an open-source reverse framework for Unix geeks developed by Radare. Previous versions of Radare2, up to bc5a890, contained security vulnerabilities. These vulnerabilities stemmed from command injection in the afsv/afsvj command path. A specially crafted ELF binary could embed maliciou...

8.5CVSS6AI score0.00915EPSS
Exploits1References1
Oracle linux
Oracle linux
added 2026/04/08 12:0 a.m.13 views

go-toolset:ol8 security update

delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 Sync from CentOS Stream 9 - Related: RHEL-121223 golang 1.25.7-2 - Update to Go 1.25.8 fips-1 - Resolves: RHEL-156551 1.25.7-1 - Update to Go 1.25.7 fips-1 - Resolves: RHEL-146469...

7.8CVSS7.1AI score0.00728EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/03/11 8:2 a.m.7 views

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.

...

5.5CVSS5.8AI score0.00166EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/03/09 8:19 p.m.6 views

CVE-2025-69648

A flaw was found in binutils. Processing a specially crafted ELF binary file containing malformed DWARF .debugrnglists data with the readelf program can trigger an infinite loop and result in a denial of service. Mitigation To mitigate this vulnerability, do not process untrusted, unverified or...

6.2CVSS5.8AI score0.00176EPSS
Exploits1References5
Snyk
Snyk
added 2026/03/09 4:44 p.m.1 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop through the DWARF parsing process. An attacker can cause the application to enter an infinite output loop by providing a specially crafted binary with malformed DWARF loclists data, resulting in excessive CPU and I/O...

6.2CVSS5.8AI score0.00152EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/09 3:30 p.m.5 views

EUVD-2025-208412

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an...

5.8AI score0.00152EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/09 3:30 p.m.5 views

EUVD-2025-208411

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an...

5.8AI score0.00152EPSS
Exploits1References3
Rows per page
Query Builder