Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Radare2
(Radare)| Repositories |
• https://github.com/radare/radare2
• https://github.com/devnexen/radare2 |
| #Vulnerabilities | 132 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-11 | CVE-2022-1297 | Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash. | Radare2 | 9.1 | ||
| 2022-04-06 | CVE-2022-1237 | Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | Radare2 | 7.8 | ||
| 2022-04-06 | CVE-2022-1240 | Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | Radare2 | 7.8 | ||
| 2022-04-01 | CVE-2022-1207 | Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary. | Radare2 | 6.6 | ||
| 2022-03-24 | CVE-2022-1061 | Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8. | Radare2 | 7.5 | ||
| 2022-03-22 | CVE-2022-1031 | Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6. | Radare2 | 7.8 | ||
| 2022-03-05 | CVE-2022-0849 | Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6. | Radare2 | 5.5 | ||
| 2022-02-08 | CVE-2022-0139 | Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. | Radare2 | 9.8 | ||
| 2019-06-15 | CVE-2019-12829 | radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c. | Radare2 | 7.5 | ||
| 2019-09-23 | CVE-2019-16718 | In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables. | Radare2 | 7.8 |