Radare: >> Radare2 >> 5.3.0 Security Vulnerabilities
Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.
CVSS Score
10.0
EPSS Score
0.003
Published
2023-07-07
Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-03-23
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2.
CVSS Score
8.6
EPSS Score
0.0
Published
2023-01-15
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.
CVSS Score
4.4
EPSS Score
0.0
Published
2022-12-29
Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-12-10
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.
CVSS Score
7.7
EPSS Score
0.004
Published
2022-05-26
radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser.
CVSS Score
5.5
EPSS Score
0.003
Published
2022-05-25
Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.
CVSS Score
7.4
EPSS Score
0.003
Published
2022-05-21
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.
CVSS Score
7.9
EPSS Score
0.001
Published
2022-05-13
Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/476.html).
CVSS Score
7.6
EPSS Score
0.002
Published
2022-05-10