CVE-2025-1864 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Radare2

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120 — Classic Buffer Overflow CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

0.4%

top 41.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Radareorg Radare2 Debian Radare2 Radare Radare2

Timeline

PublishedMar 3

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before <5.9.9.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages3 packages

▶CVEListV5radareorg/radare2< <5.9.9

▶debiandebian/radare2< radare2 6.0.4+dfsg-1 (sid)

▶NVDradare/radare25.9.8

🔴Vulnerability Details

GHSA

GHSA-qp2x-2vj2-93c6: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers↗2025-03-03

▶

OSV

CVE-2025-1864: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers↗2025-03-03

▶

📋Vendor Advisories

Debian

CVE-2025-1864: radare2 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerab...↗2025

▶