Radare: >> Radare2 >> 4.4.0 Security Vulnerabilities
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2.
CVSS Score
6.3
EPSS Score
0.003
Published
2022-02-08
Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2.
CVSS Score
6.3
EPSS Score
0.004
Published
2022-02-08
Use After Free in NPM radare2.js prior to 5.6.2.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-02-08
Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.
CVSS Score
6.3
EPSS Score
0.004
Published
2022-02-08
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.
CVSS Score
7.1
EPSS Score
0.004
Published
2022-02-08
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0.
CVSS Score
5.9
EPSS Score
0.003
Published
2022-02-01
radare2 is vulnerable to Out-of-bounds Read
CVSS Score
9.6
EPSS Score
0.004
Published
2022-01-11
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.
CVSS Score
5.5
EPSS Score
0.004
Published
2021-05-14
In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.
CVSS Score
7.4
EPSS Score
0.006
Published
2020-07-20
Page 6