CVE-2021-32495Use After Free in Radare2

CWE-416Use After Free4 documents4 sources
Severity
9.1CRITICALNVD
EPSS
0.3%
top 47.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian Radare2Radare2Radare Radare2
Timeline
PublishedJul 7

Description

Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

debiandebian/radare2< radare2 5.5.0+dfsg-1 (sid)
NVDradare/radare25.3.0
CVEListV5radare2/radare2radare2 5.3.0-git 26142

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-43pp-rgp9-c5h8: Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function2023-07-07
OSV
CVE-2021-32495: Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function2023-07-07

📋Vendor Advisories

1
Debian
CVE-2021-32495: radare2 - Radare2 has a use-after-free vulnerability in pyc parser's get_none_object funct...2021