CVE-2025-60358 — Missing Release of Memory after Effective Lifetime in Radare2

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 95.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedOct 16

Latest updateOct 27

Description

radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

▶debiandebian/radare2< radare2 6.0.4+dfsg-1 (sid)

▶Ubunturadare/radare2< 5.9.8+dfsg-2ubuntu0.25.10.1

OSV

radare2 vulnerability↗2025-10-27

▶

OSV

CVE-2025-60358: radare2 v↗2025-10-16

▶

GHSA

GHSA-3h89-j8rf-vq88: radare2 v↗2025-10-16

▶

Ubuntu

Radare2 vulnerability↗2025-10-27

▶

Debian

CVE-2025-60358: radare2 - radare2 v.5.9.8 and before contains a memory leak in the function _load_relocati...↗2025

▶