Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
radare2 vulnerabilities and exploits
(subscribe to this query)
9.6
CVSSv3
CVE-2020-15121
In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwn...
Radare Radare2
Fedoraproject Fedora 31
Fedoraproject Fedora 32
7.8
CVSSv3
CVE-2019-19647
radare2 up to and including 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote malicious users to cause a denial of service (application crash) or possibly have unspeci...
Radare Radare2
Fedoraproject Fedora 30
Fedoraproject Fedora 31
7.8
CVSSv3
CVE-2019-19590
In radare2 up to and including 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after...
Radare Radare2
7.8
CVSSv3
CVE-2019-16718
In radare2 prior to 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fi...
Radare Radare2
7.8
CVSSv3
CVE-2019-14745
In radare2 prior to 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling ...
Radare Radare2
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
1 Github repository
5.5
CVSSv3
CVE-2019-12865
In radare2 up to and including 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command.
Radare Radare2
7.5
CVSSv3
CVE-2019-12829
radare2 up to and including 3.5.1 mishandles the RParse API, which allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm...
Radare Radare2
7.8
CVSSv3
CVE-2019-12802
In radare2 up to and including 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_pa...
Radare Radare2
Fedoraproject Fedora 29
Fedoraproject Fedora 30
7.8
CVSSv3
CVE-2019-12790
In radare2 up to and including 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact because of missing length...
Radare Radare2
5.5
CVSSv3
CVE-2018-20455
In radare2 before 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow malicious users to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456.
Radare Radare2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »