CVE-2020-27794Double Free in Radare2

CWE-415Double Free4 documents4 sources
Severity
9.1CRITICALNVD
EPSS
0.4%
top 39.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Radare Radare2Debian Radare2
Timeline
PublishedAug 19
Latest updateAug 20

Description

A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

NVDradare/radare2< 4.4.0
debiandebian/radare2< radare2 5.0.0+dfsg-1 (sid)
CVEListV5radare/radare2Fixed in v4.4.0.

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-wjh8-mh8q-qg7h: A double free issue was discovered in radare2 in cmd_info2022-08-20
OSV
CVE-2020-27794: A double free issue was discovered in radare2 in cmd_info2022-08-19

📋Vendor Advisories

1
Debian
CVE-2020-27794: radare2 - A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successf...2020