Vulnerabilities > Radare
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-02 | CVE-2021-3673 | Unchecked Return Value vulnerability in multiple products A vulnerability was found in Radare2 in version 5.3.1. | 7.5 |
| 2021-07-14 | CVE-2020-24133 | Out-of-bounds Write vulnerability in Radare Radare2-Extras A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DOS) attacks. | 9.8 |
| 2021-05-14 | CVE-2021-32613 | Double Free vulnerability in multiple products In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. | 5.5 |
| 2020-08-11 | CVE-2020-17487 | radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. | 7.5 |
| 2020-08-03 | CVE-2020-16269 | radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. | 5.5 |
| 2020-07-20 | CVE-2020-15121 | OS Command Injection vulnerability in multiple products In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. | 9.6 |
| 2019-12-09 | CVE-2019-19647 | NULL Pointer Dereference vulnerability in multiple products radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. | 7.8 |
| 2019-12-05 | CVE-2019-19590 | Use After Free vulnerability in Radare Radare2 In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. | 7.8 |
| 2019-09-23 | CVE-2019-16718 | OS Command Injection vulnerability in Radare Radare2 In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. | 6.8 |
| 2019-08-07 | CVE-2019-14745 | Command Injection vulnerability in multiple products In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. | 7.8 |