Radare2@2.5.0 Security Vulnerabilities and Issues — Radare2@2.5.0 CVE List

Lucene search

RadareRadare22.5.0

12 matches found

CVE•added 2018/04/17 8:29 p.m.•42 views

CVE-2018-10186

In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368.

5.5CVSS5.8AI score0.00237EPSS

CVE•added 2018/05/22 7:29 p.m.•42 views

CVE-2018-11380

The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file.

5.5CVSS5.4AI score0.00248EPSS

CVE•added 2018/04/17 8:29 p.m.•41 views

CVE-2018-10187

In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function (libr/anal/p/anal_dalvik.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was patched earlier.

5.5CVSS5.2AI score0.00226EPSS

CVE•added 2018/05/22 7:29 p.m.•41 views

CVE-2018-11377

The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

5.5CVSS5.4AI score0.00256EPSS

CVE•added 2018/05/22 7:29 p.m.•40 views

CVE-2018-11379

The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.

5.5CVSS5.4AI score0.00248EPSS

CVE•added 2018/05/22 7:29 p.m.•40 views

CVE-2018-11383

The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c.

5.5CVSS5.5AI score0.00248EPSS

CVE•added 2018/05/22 7:29 p.m.•39 views

CVE-2018-11375

The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

5.5CVSS5.4AI score0.00232EPSS

CVE•added 2018/05/22 7:29 p.m.•39 views

CVE-2018-11378

The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.

7.8CVSS8AI score0.00201EPSS

CVE•added 2018/05/22 7:29 p.m.•39 views

CVE-2018-11381

The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

5.5CVSS5.4AI score0.00248EPSS

CVE•added 2018/05/22 7:29 p.m.•38 views

CVE-2018-11384

The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.

5.5CVSS5.4AI score0.00248EPSS

CVE•added 2018/05/22 7:29 p.m.•37 views

CVE-2018-11376

The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.

5.5CVSS5.4AI score0.00248EPSS

CVE•added 2018/05/22 7:29 p.m.•36 views

CVE-2018-11382

The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

5.5CVSS5.4AI score0.00232EPSS