Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
radare radare2 vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2019-16718
In radare2 prior to 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fi...
Radare Radare2
NA
CVE-2022-4843
NULL Pointer Dereference in GitHub repository radareorg/radare2 before 5.8.2.
Radare Radare2
5
CVSSv2
CVE-2019-12829
radare2 up to and including 3.5.1 mishandles the RParse API, which allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm...
Radare Radare2
4.3
CVSSv2
CVE-2019-12865
In radare2 up to and including 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.
Radare Radare2
6.8
CVSSv2
CVE-2019-19590
In radare2 up to and including 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after...
Radare Radare2
NA
CVE-2023-0302
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 before 5.8.2.
Radare Radare2
NA
CVE-2020-27793
An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an malicious user to cause a crash, and perform a denail of service attack.
Radare Radare2
NA
CVE-2020-27794
A double free issue exists in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash.
Radare Radare2
NA
CVE-2020-27795
A segmentation fault exists in radare2 with adf command. In libr/core/cmd_anal.c, when command "adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fc...
Radare Radare2
4.3
CVSSv2
CVE-2018-20455
In radare2 before 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow malicious users to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456.
Radare Radare2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »