CVE-2018-12320Use After Free in Radare2

CWE-416Use After Free4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 61.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Radare2Radare Radare2
Timeline
PublishedJun 13
Latest updateMay 14

Description

There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

debiandebian/radare2< radare2 2.7.0+dfsg-1 (sid)
NVDradare/radare22.6.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-39pg-x4cc-j86x: There is a use after free in radare2 22022-05-14
OSV
CVE-2018-12320: There is a use after free in radare2 22018-06-13

📋Vendor Advisories

1
Debian
CVE-2018-12320: radare2 - There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c...2018