CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 1CVE-2019-19590
https://notcve.org/view.php?id=CVE-2019-19590
05 Dec 2019 — In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input. En radare2 versiones hasta la versión 4.0, hay un desbordamiento de enteros para la variable new_toke... • https://github.com/radareorg/radare2/issues/15543 • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-16718
https://notcve.org/view.php?id=CVE-2019-16718
23 Sep 2019 — In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables. En radare2 versiones anteriores a 3.9.0, se presenta una vulnerabilidad de inyección de comando en la función bin_symbols() en el archivo libr/core/cbin.c.... • https://github.com/radareorg/radare2/commit/5411543a310a470b1257fb93273cdd6e8dfcb3af • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 7%CPEs: 4EXPL: 2CVE-2019-14745
https://notcve.org/view.php?id=CVE-2019-14745
07 Aug 2019 — In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables. En radare2 anterior a la versión 3.7.0, se presenta una vulnerabilidad de inyección de comandos en la función bin_symbols() en el archivo libr/core/cbin.c. Mediante el uso de un archivo ejecutable d... • https://github.com/xooxo/CVE-2019-14745 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12865
https://notcve.org/view.php?id=CVE-2019-12865
17 Jun 2019 — In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command. En radare2 hasta versión 3.5.1, la función cmd_mount en el archivo libr/core/cmd_mount.c presenta una doble liberación para el comando ms. • https://github.com/radare/radare2/issues/14334 • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12829
https://notcve.org/view.php?id=CVE-2019-12829
15 Jun 2019 — radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c. radare2 hasta versión 3.5.1 maneja inapropiadamente la API de RParse, que permite a los atacantes remotos causar una denegación de servicio (bloqueo de aplicación) o posiblemente tener otro impacto no especificado, como... • https://github.com/radare/radare2/issues/14303 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-12802
https://notcve.org/view.php?id=CVE-2019-12802
13 Jun 2019 — In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg). En radare2 a hasta 3.5.1, la función rcc_context de libr/egg/egg_lang.c mishandles changing context. Esto permite a los atacantes remotos causar una denegación de servicio (application crash) o posiblemente tien... • https://github.com/radare/radare2/issues/14296 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12790
https://notcve.org/view.php?id=CVE-2019-12790
10 Jun 2019 — In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of missing length validation in libr/egg/egg.c. En radare2 a 3.5.1, hay una lectura en exceso del búfer basado en el montón en la función r_egg_lang_parsechar de egg_lang.c. Esto permite a los atacantes remotos causar una denegación de servicio (bloqueo de la aplicac... • https://github.com/radare/radare2/issues/14211 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20455
https://notcve.org/view.php?id=CVE-2018-20455
25 Dec 2018 — In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456. En radare2, en versiones anteriores a la 3.1.1, la función parseOperand en libr/asm/p/asm_x86_nz.c podría permitir que los atacantes provoquen una denegación de servicio (cierre inesperado de la aplicación mediante un desbordamiento de búfer basado en pila) manip... • https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20456
https://notcve.org/view.php?id=CVE-2018-20456
25 Dec 2018 — In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related issue to CVE-2018-20455. En radare2, en versiones anteriores a la 3.1.1, la función parseOperand en libr/asm/p/asm_x86_nz.c podría permitir que los atacantes provoquen una denegación de servicio (cierre inesperado de la aplicación en libr/util/strbuf.c mediante una... • https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20457
https://notcve.org/view.php?id=CVE-2018-20457
25 Dec 2018 — In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service (application crash via an r_num_calc out-of-bounds read) by crafting an arm assembly input because a loop uses an incorrect index in armass.c and certain length validation is missing in armass64.c, a related issue to CVE-2018-20459. En radare2 hasta la versión 3.1.3, la función assemble en libr/asm/p/asm_arm_cs.c permite que los atacantes provoquen una denegación de servicio (cierre i... • https://github.com/radare/radare2/issues/12417 • CWE-125: Out-of-bounds Read •