CVE-2024-26475 — NULL Pointer Dereference in Radare2

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 82.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Radare Radare2 Debian Radare2

Timeline

PublishedMar 14

Latest updateMar 15

Description

An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDradare/radare20.9.7 — 5.8.8

▶debiandebian/radare2< radare2 5.9.0+dfsg-1 (sid)

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-65mr-fw35-qf44: An issue in radareorg radare2 v↗2024-03-15

▶

OSV

CVE-2024-26475: An issue in radareorg radare2 v↗2024-03-14

▶

📋Vendor Advisories

Debian

CVE-2024-26475: radare2 - An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allow...↗2024

▶