Search Results (Refine Search)
- CPE Product Version: cpe:/a:radare:radare2:0.10.3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-0712 |
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4. Published: February 22, 2022; 1:15:12 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 7.1 HIGH |
CVE-2022-0676 |
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. Published: February 21, 2022; 7:15:07 PM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2022-0559 |
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. Published: February 16, 2022; 6:15:07 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-0523 |
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. Published: February 08, 2022; 4:15:20 PM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2022-0522 |
Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2. Published: February 08, 2022; 4:15:20 PM -0500 |
V3.1: 7.1 HIGH V2.0: 5.8 MEDIUM |
CVE-2022-0521 |
Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2. Published: February 08, 2022; 4:15:19 PM -0500 |
V3.1: 7.1 HIGH V2.0: 5.8 MEDIUM |
CVE-2022-0520 |
Use After Free in NPM radare2.js prior to 5.6.2. Published: February 08, 2022; 4:15:19 PM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2022-0519 |
Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2. Published: February 08, 2022; 4:15:19 PM -0500 |
V3.1: 7.1 HIGH V2.0: 5.8 MEDIUM |
CVE-2022-0518 |
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2. Published: February 08, 2022; 4:15:19 PM -0500 |
V3.1: 7.1 HIGH V2.0: 5.8 MEDIUM |
CVE-2022-0139 |
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. Published: February 08, 2022; 2:15:08 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-0419 |
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0. Published: February 01, 2022; 6:15:11 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2022-0173 |
radare2 is vulnerable to Out-of-bounds Read Published: January 11, 2022; 12:15:08 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-32613 |
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. Published: May 14, 2021; 9:15:07 AM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-15121 |
In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory. Published: July 20, 2020; 2:15:12 PM -0400 |
V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2019-19647 |
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input. Published: December 08, 2019; 8:15:10 PM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-19590 |
In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input. Published: December 04, 2019; 9:15:19 PM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-16718 |
In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables. Published: September 23, 2019; 10:15:10 AM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-14745 |
In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables. Published: August 07, 2019; 11:15:14 AM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-12865 |
In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command. Published: June 17, 2019; 7:15:13 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-12829 |
radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c. Published: June 15, 2019; 1:29:10 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |