Debian Radare2 vulnerabilities

154 known vulnerabilities affecting debian/radare2.

Total CVEs

154

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL14HIGH51MEDIUM42LOW47

Vulnerabilities

Page 3 of 8

CVE-2022-1809HIGHCVSS 7.8fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-1809 [HIGH] CVE-2022-1809: radare2 - Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to ... Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-4398HIGHCVSS 7.8fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-4398 [HIGH] CVE-2022-4398: radare2 - Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5... Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-1451HIGHCVSS 7.1fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-1451 [HIGH] CVE-2022-1451: radare2 - Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repo... Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.mit

debian

CVE-2022-28073HIGHCVSS 7.5fixed in radare2 5.5.0+dfsg-1 (sid)2022

CVE-2022-28073 [HIGH] CVE-2022-28073: radare2 - A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0. A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0. Scope: local sid: resolved (fixed in 5.5.0+dfsg-1)

debian

CVE-2022-0676HIGHCVSS 7.8fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-0676 [HIGH] CVE-2022-0676: radare2 - Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4... Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-1238HIGHCVSS 7.8fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-1238 [HIGH] CVE-2022-1238: radare2 - Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/ra... Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-28069HIGHCVSS 7.5fixed in radare2 5.5.0+dfsg-1 (sid)2022

CVE-2022-28069 [HIGH] CVE-2022-28069: radare2 - A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0. A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0. Scope: local sid: resolved (fixed in 5.5.0+dfsg-1)

debian

CVE-2022-1452HIGHCVSS 7.1fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-1452 [HIGH] CVE-2022-1452: radare2 - Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub r... Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. More details see [CWE-125: Out-of-bounds read](https://cwe.

debian

CVE-2022-1061HIGHCVSS 7.5fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-1061 [HIGH] CVE-2022-1061: radare2 - Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prio... Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-0519HIGHCVSS 7.1fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-0519 [HIGH] CVE-2022-0519: radare2 - Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2... Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-1714HIGHCVSS 7.1fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-1714 [HIGH] CVE-2022-1714: radare2 - Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bu... Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-0521HIGHCVSS 7.1fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-0521 [HIGH] CVE-2022-0521: radare2 - Access of Memory Location After End of Buffer in GitHub repository radareorg/rad... Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-0713HIGHCVSS 7.1fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-0713 [HIGH] CVE-2022-0713: radare2 - Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4... Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-1240HIGHCVSS 7.8fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-1240 [HIGH] CVE-2022-1240: radare2 - Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radar... Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/

debian

CVE-2022-1237HIGHCVSS 7.8fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-1237 [HIGH] CVE-2022-1237: radare2 - Improper Validation of Array Index in GitHub repository radareorg/radare2 prior ... Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-0523HIGHCVSS 7.8fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-0523 [HIGH] CVE-2022-0523: radare2 - Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-28068HIGHCVSS 7.5fixed in radare2 5.5.0+dfsg-1 (sid)2022

CVE-2022-28068 [HIGH] CVE-2022-28068: radare2 - A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0. A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0. Scope: local sid: resolved (fixed in 5.5.0+dfsg-1)

debian

CVE-2022-0518HIGHCVSS 7.1fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-0518 [HIGH] CVE-2022-0518: radare2 - Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2... Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-1031HIGHCVSS 7.8fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-1031 [HIGH] CVE-2022-1031: radare2 - Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5... Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

CVE-2022-1052MEDIUMCVSS 5.5fixed in radare2 5.9.0+dfsg-1 (sid)2022

CVE-2022-1052 [MEDIUM] CVE-2022-1052: radare2 - Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/ra... Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6. Scope: local sid: resolved (fixed in 5.9.0+dfsg-1)

debian

← Previous3 / 8Next →