CVE-2025-1378 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Radare2

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

4.8MEDIUMNVD

EPSS

0.0%

top 89.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Radare2 Radare Radare2

Timeline

PublishedFeb 17

Description

A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0.0 is able to address this issue. The patch is identified as c6c772d2eab692ce7ada5a4227afd50c355ad545. It is recommended to upgrade the affected compon…

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶debiandebian/radare2< radare2 6.0.4+dfsg-1 (sid)

▶CVEListV5radare/radare25.9.9 33286

▶NVDradare/radare25.9.9

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2025-1378: A vulnerability, which was classified as problematic, was found in radare2 5↗2025-02-17

▶

GHSA

GHSA-3r39-mw8c-6g5f: A vulnerability, which was classified as problematic, was found in radare2 5↗2025-02-17

▶

📋Vendor Advisories

Debian

CVE-2025-1378: radare2 - A vulnerability, which was classified as problematic, was found in radare2 5.9.9...↗2025

▶