CVE-2025-1744 — Out-of-bounds Write in Radare2

CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

0.5%

top 36.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Radareorg Radare2 Debian Radare2 Radare Radare2 +20 more

Timeline

PublishedFeb 28

Description

Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow.This issue affects radare2: before <5.9.9.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages23 packages

▶CVEListV5radareorg/radare2< <5.9.9

▶debiandebian/radare2< radare2 6.0.4+dfsg-1 (sid)

▶NVDradare/radare25.9.8

▶msrcmsrc/azl3_gdb_13.2-4

▶msrcmsrc/azl3_gcc_13.2.0-7

Patches

Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-mqpp-c67f-qr4v: Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow↗2025-02-28

▶

OSV

CVE-2025-1744: Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow↗2025-02-28

▶

📋Vendor Advisories

Microsoft

Out-of-bounds Write in radare2↗2025-02-11

▶

Debian

CVE-2025-1744: radare2 - Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffe...↗2025

▶