198 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-6940
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by...
CVE-2026-40517
A flaw was found in radare2 that could lead to arbitrary operating system OS command execution. A local user could be exploited through a command injection vulnerability in the PDB Program Database parser. By processing a specially crafted malicious PDB file, the idp command would execute arbitra...
EUVD-2026-25301
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
CVE-2026-6941 radare2 < 6.1.4 Project Notes Path Traversal via Symlink
radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a...
PT-2026-34751
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
PT-2026-34573
radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print gvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through...
Linux Distros Unpatched Vulnerability : CVE-2026-40527
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2...
SUSE CVE-2026-40527
radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...
Linux Distros Unpatched Vulnerability : CVE-2026-41015
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the...
CVE-2026-41015
radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...
Linux Distros Unpatched Vulnerability : CVE-2026-40499
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary...
CVE-2026-40499
radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...
EUVD-2026-22826
radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...
CVE-2026-40499 radare2 < 6.1.4 Command Injection via PDB Parser print_gvars()
radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...
Linux Distros Unpatched Vulnerability : CVE-2026-4174
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in Radare2 5.9.9. This issue affects the function walkexportstrie of the file libr/bin/format/mach0/mach0.c of the component Mach...
TencentOS Server 4: radare2 (TSSA-2024:1041)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1041 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
UBUNTU-CVE-2025-63745
A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info function of binne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data...
CVE-2025-63745
A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info function of binne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data...
Radare2 安全漏洞
Radare2 is a Libre reverse framework open-sourced by Radare for Unix geeks. A security vulnerability exists in Radare2 6.0.5 and earlier versions, which stems from a null pointer dereference in the load function in bindyldcache.c, which could lead to segmentation errors and program crashes...
CVE-2025-63745
A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info function of binne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data...