CVE-2025-5642Improper Restriction of Operations within the Bounds of a Memory Buffer in Radare2

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
2.0LOWNVD
EPSS
0.2%
top 63.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian Radare2Radare Radare2Msrc Cbl2 Python3 3.9.19-13 ON CBL Mariner 2.0
Timeline
PublishedJun 5

Description

A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is id

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

debiandebian/radare2< radare2 6.0.4+dfsg-1 (sid)
NVDradare/radare25.9.9

Patches

Patch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-cg87-4m9w-583q: A vulnerability classified as problematic has been found in Radare2 52025-06-05
OSV
CVE-2025-5642: A vulnerability classified as problematic has been found in Radare2 52025-06-05

📋Vendor Advisories

2
Debian
CVE-2025-5642: radare2 - A vulnerability classified as problematic has been found in Radare2 5.9.9. Affec...2025
Microsoft
Buffer overread when using an empty list with SSLContext.set_npn_protocols()2024-06-11