Radare2 Security Vulnerabilities and Issues — Radare2 CVE List

Lucene search

RadareRadare2

8 matches found

CVE•added 2019/06/15 5:29 p.m.•157 views

CVE-2019-12829

radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c.

7.5CVSS8AI score0.00927EPSS

CVE•added 2019/12/09 1:15 a.m.•152 views

CVE-2019-19647

radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.

7.8CVSS8AI score0.0049EPSS

CVE•added 2019/06/13 9:29 p.m.•91 views

CVE-2019-12802

In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg)...

7.8CVSS8AI score0.00469EPSS

CVE•added 2019/06/10 7:29 p.m.•86 views

CVE-2019-12790

In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of missing length validation in libr/egg/egg.c.

7.8CVSS8AI score0.0049EPSS

CVE•added 2019/06/17 11:15 p.m.•84 views

CVE-2019-12865

In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.

5.5CVSS6.1AI score0.00262EPSS

CVE•added 2019/08/07 3:15 p.m.•82 views

CVE-2019-14745

In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded i...

7.8CVSS7.7AI score0.07084EPSS

CVE•added 2019/12/05 2:15 a.m.•73 views

CVE-2019-19590

In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote a...

7.8CVSS8.1AI score0.03052EPSS

CVE•added 2019/09/23 2:15 p.m.•46 views

CVE-2019-16718

In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and i...

7.8CVSS7.8AI score0.07084EPSS