CVE-2026-41015

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...

PT-2026-33247

radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...

SUSE CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

Linux Distros Unpatched Vulnerability : CVE-2022-1207

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the...

Linux Distros Unpatched Vulnerability : CVE-2018-8808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In radare2 2.4.0, there is a heap-based buffer over-read in the rasmdisassemble function of asm.c. Remote attackers could leverage this vulnerability to cause a...

Linux Distros Unpatched Vulnerability : CVE-2022-0521

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2. CVE-2022-0521 Note that Nessus relies on the presence of th...

AZL-57639 CVE-2025-1744 affecting package gdal 3.6.3-2

Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before 5.9.9...

Radare2 安全漏洞

Radare2 is a Libre reverse framework open-sourced by radare for Unix geeks. A security vulnerability exists in Radare2 versions prior to 5.9.9 that stems from a heap buffer over-read or buffer overflow...

SUSE CVE-2024-48241

An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the bfdiv function...

radare2 安全漏洞

radare2 is the radare open source set of libraries and tools for working with binaries. A security vulnerability exists in radare2 versions v5.8.0 through v5.9.4, which originated from allowing a local attacker to cause a denial of service via the bfdiv function...

UBUNTU-CVE-2023-47016

radare2 5.8.9 has an out-of-bounds read in rbinobjectsetitems in libr/bin/bobj.c, causing a crash in rreadle32 in libr/include/rendian.h...

UBUNTU-CVE-2023-46569

An out-of-bounds read in radare2 v.5.8.9 and before exists in the printinsn32fpu function of libr/arch/p/nds32/nds32-dis.h...

SUSE CVE-2021-32494

Radare2 has a division by zero vulnerability in Mach-O parser's rebasebuffer function. This allow attackers to create malicious inputs that can cause denial of service...

SUSE CVE-2018-20460

In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service application crash caused by stack-based buffer overflow by crafting an input file...

SUSE CVE-2022-1238

Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see CWE...

UBUNTU-CVE-2020-15121

In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current...

radare2 'r_bin_dyldcache_extract' function heap buffer overflow vulnerability

radare2 is a set of libraries and tools for working with binary files. A heap buffer overflow vulnerability exists in the 'rbindyldcacheextract' function in the libr/bin/format/mach0/dyldcache.c file in radare2 versions prior to 3.1.1. An attacker can exploit this vulnerability to cause a denial ...

radare2 denial of service vulnerability (CNVD-2017-32251)

radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in the 'wasmdis' function in the libr/asm/arch/wasm/wasm.c file in radare2 version 2.0.0. A remote attacker can exploit this vulnerability to cause a denial of service stack-based buffer...

DEBIAN-CVE-2017-9763

The grubext2readblock function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service excessive stack use and application crash via a crafted binary file, related to use of a variable-size stack array...