CVE-2018-20456

In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asmx86nz.c may allow attackers to cause a denial of service application crash in libr/util/strbuf.c via a stack-based buffer over-read by crafting an input file, a related issue to CVE-2018-20455...

UBUNTU-CVE-2018-10186

In radare2 2.5.0, there is a heap-based buffer over-read in the rhexbin2str function libr/util/hex.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368...

CVE-2018-10186

In radare2 2.5.0, there is a heap-based buffer over-read in the rhexbin2str function libr/util/hex.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368...

radare2 denial of service vulnerability (CNVD-2017-07214)

radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in the 'readu32leb128' function in the libr/util/uleb128.c file in radare2 version 1.3.0. A remote attacker can exploit this vulnerability to cause a denial of service heap buffer out-of-bounds...

Heap overflow

The readu32leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted Web Assembly file...