CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-4322 – Heap-based Buffer Overflow in radareorg/radare2
https://notcve.org/view.php?id=CVE-2023-4322
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. Una vulnerabilidad de desbordamiento de búfer en la región Heap de la memoria en el repositorio de GitHub radareorg/radare2 antes de 5.9.0. • https://github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/64KUV6OGEVQ75QOV35PUVVDOJTKSJHYN https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SOZ6XCADVAPAIHMVSV3FUAN742BHXF55 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32495
https://notcve.org/view.php?id=CVE-2021-32495
Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service. • https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05 https://github.com/radareorg/radare2/issues/18666 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32494
https://notcve.org/view.php?id=CVE-2021-32494
Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service. • https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62 https://github.com/radareorg/radare2/issues/18667 • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1605 – Denial of Service in radareorg/radare2
https://notcve.org/view.php?id=CVE-2023-1605
Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6. • https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0302 – Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in radareorg/radare2
https://notcve.org/view.php?id=CVE-2023-0302
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2. Fallo al sanitizar elementos especiales en un plano diferente (Special Element Injection) en el repositorio de GitHub radareorg/radare2 antes de 5.8.2. • https://github.com/radareorg/radare2/commit/961f0e723903011d4f54c2396e44efa91fcc74ce https://huntr.dev/bounties/583133af-7ae6-4a21-beef-a4b0182cf82e • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •