CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-4322 – Heap-based Buffer Overflow in radareorg/radare2
https://notcve.org/view.php?id=CVE-2023-4322
14 Aug 2023 — Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. Una vulnerabilidad de desbordamiento de búfer en la región Heap de la memoria en el repositorio de GitHub radareorg/radare2 antes de 5.9.0. • https://github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32495
https://notcve.org/view.php?id=CVE-2021-32495
07 Jul 2023 — Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service. • https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32494
https://notcve.org/view.php?id=CVE-2021-32494
07 Jul 2023 — Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service. • https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1605 – Denial of Service in radareorg/radare2
https://notcve.org/view.php?id=CVE-2023-1605
23 Mar 2023 — Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6. • https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0302 – Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in radareorg/radare2
https://notcve.org/view.php?id=CVE-2023-0302
15 Jan 2023 — Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2. Fallo al sanitizar elementos especiales en un plano diferente (Special Element Injection) en el repositorio de GitHub radareorg/radare2 antes de 5.8.2. • https://github.com/radareorg/radare2/commit/961f0e723903011d4f54c2396e44efa91fcc74ce • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4843 – NULL Pointer Dereference in radareorg/radare2
https://notcve.org/view.php?id=CVE-2022-4843
29 Dec 2022 — NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2. Eliminación de referencia del puntero NULL en el repositorio de GitHub radareorg/radare2 antes de 5.8.2. • https://github.com/radareorg/radare2/commit/842f809d4ec6a12af2906f948657281c9ebc8a24 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4398 – Integer Overflow or Wraparound in radareorg/radare2
https://notcve.org/view.php?id=CVE-2022-4398
10 Dec 2022 — Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0. Desbordamiento de enteros o Wraparound en el repositorio de GitHub radareorg/radare2 anterior a 5.8.0. • https://github.com/radareorg/radare2/commit/b53a1583d05c3a5bfe5fa60da133fe59dfbb02b8 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27794
https://notcve.org/view.php?id=CVE-2020-27794
19 Aug 2022 — A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash. Se ha detectado un problema de doble liberación en radare2 en la función cmd_info.c:cmd_info(). Una explotación con éxito podría conllevar a una modificación de ubicaciones de memoria no esperadas y causar potencialmente un bloqueo. • https://github.com/radareorg/radare2/commit/cb8b683758edddae2d2f62e8e63a738c39f92683 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27793
https://notcve.org/view.php?id=CVE-2020-27793
19 Aug 2022 — An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service attack. Se ha detectado un fallo de desbordamiento de memoria uno a uno en radare2 debido a una longitud de matriz no coincidente en el archivo core_java.c. Esto podría permitir a un atacante causar un fallo y llevar a cabo un ataque de denegación de servicio. • https://github.com/radareorg/radare2/commit/ced0223c7a1b3b5344af315715cd28fe7c0d9ebc • CWE-193: Off-by-one Error •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27795
https://notcve.org/view.php?id=CVE-2020-27795
19 Aug 2022 — A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command "adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn). Se ha detectado un fallo de segmentación en radare2 con el comando adf. En el archivo libr/core/cmd_anal.c, cuando el comando "adf" no presenta argumento o es erróneo, anal_fcn_data... • https://github.com/radareorg/radare2/commit/4d3811681a80f92a53e795f6a64c4b0fc2c8dd22 • CWE-908: Use of Uninitialized Resource •