CVE-2023-4322 – Heap-based Buffer Overflow in radareorg/radare2
https://notcve.org/view.php?id=CVE-2023-4322
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. Una vulnerabilidad de desbordamiento de búfer en la región Heap de la memoria en el repositorio de GitHub radareorg/radare2 antes de 5.9.0. • https://github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/64KUV6OGEVQ75QOV35PUVVDOJTKSJHYN https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SOZ6XCADVAPAIHMVSV3FUAN742BHXF55 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2021-32495
https://notcve.org/view.php?id=CVE-2021-32495
Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service. • https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05 https://github.com/radareorg/radare2/issues/18666 • CWE-416: Use After Free •
CVE-2021-32494
https://notcve.org/view.php?id=CVE-2021-32494
Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service. • https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62 https://github.com/radareorg/radare2/issues/18667 • CWE-369: Divide By Zero •
CVE-2023-1605 – Denial of Service in radareorg/radare2
https://notcve.org/view.php?id=CVE-2023-1605
Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6. • https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2 • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-27114
https://notcve.org/view.php?id=CVE-2023-27114
radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c. • https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509 https://github.com/radareorg/radare2/issues/21363 • CWE-476: NULL Pointer Dereference •