Radareorg Radare2 vulnerabilities
44 known vulnerabilities affecting radareorg/radareorg_radare2.
Total CVEs: 44
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 23, MEDIUM 15
Vulnerabilities
Page 2 of 3
CVE-2022-1238 | HIGH | CVSS 7.8 | CWE-787 | ≥ unspecified, < 5.6.8 | 2022-04-06
Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is a heap overflow and may be exploitable. For a more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).
nvd
CVE-2022-1240 | HIGH | CVSS 7.8 | CWE-122 | ≥ unspecified, < 5.8.6 | 2022-04-06
Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during compilation, the program should execute into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For a more general description of heap buffer overflow, see [CWE](https://cwe.
nvd
CVE-2022-1237 | HIGH | CVSS 7.8 | CWE-129 | ≥ unspecified, < 5.6.8 | 2022-04-06
Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is a heap overflow and may be exploitable. For a more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).
nvd
CVE-2022-1244 | MEDIUM | CVSS 5.5 | CWE-122 | ≥ unspecified, < 5.6.8 | 2022-04-05
heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.
nvd
CVE-2022-1207 | MEDIUM | CVSS 6.6 | CWE-125 | ≥ unspecified, < 5.6.8 | 2022-04-01
Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to read sensitive information from outside the allocated buffer boundary.
nvd
CVE-2022-1061 | HIGH | CVSS 7.5 | CWE-122 | ≥ unspecified, < 5.6.8 | 2022-03-24
Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.
nvd
CVE-2022-1052 | MEDIUM | CVSS 5.5 | CWE-122 | ≥ unspecified, < 5.6.6 | 2022-03-24
Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6.
nvd
CVE-2022-1031 | HIGH | CVSS 7.8 | CWE-416 | ≥ unspecified, < 5.6.6 | 2022-03-22
Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6.
nvd
CVE-2022-0849 | MEDIUM | CVSS 5.5 | CWE-416 | ≥ unspecified, < 5.6.6 | 2022-03-05
Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6.
nvd
CVE-2022-0695 | MEDIUM | CVSS 5.5 | CWE-400 | ≥ unspecified, < 5.6.4 | 2022-02-24
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.
nvd
CVE-2022-0476 | MEDIUM | CVSS 5.5 | CWE-400 | ≥ unspecified, < 5.6.4 | 2022-02-23
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.
nvd
CVE-2022-0713 | HIGH | CVSS 7.1 | CWE-122 | ≥ unspecified, < 5.6.4 | 2022-02-22
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
nvd
CVE-2022-0676 | HIGH | CVSS 7.8 | CWE-122 | ≥ unspecified, < 5.6.4 | 2022-02-22
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
nvd
CVE-2022-0712 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ unspecified, < 5.6.4 | 2022-02-22
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.
nvd
CVE-2022-0559 | CRITICAL | CVSS 9.8 | CWE-416 | ≥ unspecified, < 5.6.2 | 2022-02-16
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
nvd
CVE-2022-0139 | CRITICAL | CVSS 9.8 | CWE-416 | ≥ unspecified, < 5.6.0 | 2022-02-08
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.
nvd
CVE-2022-0520 | HIGH | CVSS 7.8 | CWE-416 | ≥ unspecified, < 5.6.2 | 2022-02-08
Use After Free in radareorg/radare2
Use After Free in NPM radare2.js prior to 5.6.2.
cvelistv5
CVE-2022-0518 | HIGH | CVSS 7.1 | CWE-122 | ≥ unspecified, < 5.6.2 | 2022-02-08
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2.
nvd
CVE-2022-0523 | HIGH | CVSS 7.8 | CWE-416 | ≥ unspecified, < 5.6.2 | 2022-02-08
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
nvd
CVE-2022-0521 | HIGH | CVSS 7.1 | CWE-788 | ≥ unspecified, < 5.6.2 | 2022-02-08
Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.
nvd