Debian Radare2 vulnerabilities

154 known vulnerabilities affecting debian/radare2.

Total CVEs

154

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL14HIGH51MEDIUM42LOW47

Vulnerabilities

Page 2 of 8

CVE-2024-11858HIGHCVSS 8.6fixed in radare2 5.9.8+dfsg-1 (sid)2024

CVE-2024-11858 [HIGH] CVE-2024-11858: radare2 - A flaw was found in Radare2, which contains a command injection vulnerability ca... A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing Scope: local sid: resolved (fixed in 5.9.8+dfsg-1)

debian

CVE-2024-26475MEDIUMCVSS 5.5fixed in radare2 5.9.0+dfsg-1 (sid)2024

CVE-2024-26475 [MEDIUM] CVE-2024-26475: radare2 - An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allow... An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2024-48241MEDIUMCVSS 5.5fixed in radare2 5.9.8+dfsg-1 (sid)2024

CVE-2024-48241 [MEDIUM] CVE-2024-48241: radare2 - An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a den... An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function. Scope: local sid: resolved (fixed in 5.9.8+dfsg-1)

debian

CVE-2023-4322CRITICALCVSS 9.8fixed in radare2 5.9.0+dfsg-1 (sid)2023

CVE-2023-4322 [CRITICAL] CVE-2023-4322: radare2 - Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0... Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2023-46570CRITICALCVSS 9.8fixed in radare2 5.9.0+dfsg-1 (sid)2023

CVE-2023-46570 [CRITICAL] CVE-2023-46570: radare2 - An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 f... An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2023-46569CRITICALCVSS 9.8fixed in radare2 5.9.0+dfsg-1 (sid)2023

CVE-2023-46569 [CRITICAL] CVE-2023-46569: radare2 - An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_f... An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2023-0302HIGHCVSS 7.8fixed in radare2 5.9.0+dfsg-1 (sid)2023

CVE-2023-0302 [HIGH] CVE-2023-0302: radare2 - Failure to Sanitize Special Elements into a Different Plane (Special Element Inj... Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2023-47016HIGHCVSS 7.5fixed in radare2 5.9.0+dfsg-1 (sid)2023

CVE-2023-47016 [HIGH] CVE-2023-47016: radare2 - radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bo... radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian.h. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2023-1605HIGHCVSS 7.5fixed in radare2 5.9.0+dfsg-1 (sid)2023

CVE-2023-1605 [HIGH] CVE-2023-1605: radare2 - Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6. Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2023-5686HIGHCVSS 8.8fixed in radare2 5.9.0+dfsg-1 (sid)2023

CVE-2023-5686 [HIGH] CVE-2023-5686: radare2 - Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0... Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2023-27114MEDIUMCVSS 5.5fixed in radare2 5.9.0+dfsg-1 (sid)2023

CVE-2023-27114 [MEDIUM] CVE-2023-27114: radare2 - radare2 v5.8.3 was discovered to contain a segmentation fault via the component ... radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-1297CRITICALCVSS 9.1fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-1297 [CRITICAL] CVE-2022-1297: radare2 - Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository rad... Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-1296CRITICALCVSS 9.1fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-1296 [CRITICAL] CVE-2022-1296: radare2 - Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radare... Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-0559CRITICALCVSS 9.8fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-0559 [CRITICAL] CVE-2022-0559: radare2 - Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-1899CRITICALCVSS 9.1fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-1899 [CRITICAL] CVE-2022-1899: radare2 - Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-0139CRITICALCVSS 9.8fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-0139 [CRITICAL] CVE-2022-0139: radare2 - Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-28072HIGHCVSS 7.5fixed in radare2 5.5.0+dfsg-1 (sid)2022

CVE-2022-28072 [HIGH] CVE-2022-28072: radare2 - A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0. A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0. Scope: local sid: resolved (fixed in 5.5.0+dfsg-1)

debian

CVE-2022-1437HIGHCVSS 7.1fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-1437 [HIGH] CVE-2022-1437: radare2 - Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0... Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-28070HIGHCVSS 7.5fixed in radare2 5.5.0+dfsg-1 (sid)2022

CVE-2022-28070 [HIGH] CVE-2022-28070: radare2 - A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0. A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0. Scope: local sid: resolved (fixed in 5.5.0+dfsg-1)

debian

CVE-2022-28071HIGHCVSS 7.5fixed in radare2 5.5.0+dfsg-1 (sid)2022

CVE-2022-28071 [HIGH] CVE-2022-28071: radare2 - A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0. A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0. Scope: local sid: resolved (fixed in 5.5.0+dfsg-1)

debian

← Previous2 / 8Next →