CVE-2024-29646: Classic Buffer Overflow in Radare2

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.6% (top 30.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 17
Latest update: Dec 18

Description

Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

debian: debian/radare2 < radare2 5.9.0+dfsg-1 (sid)
NVD: radare/radare2 5.8.8

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-6gq9-2wfh-4rj3: Buffer Overflow vulnerability in radarorg radare2 v (2024-12-18)
OSV: CVE-2024-29646: Buffer Overflow vulnerability in radarorg radare2 v (2024-12-17)

📋 Vendor Advisories (1)

Debian: CVE-2024-29646: radare2 - Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to ... (2024)